Lucene search

K
cvelistSnykCVELIST:CVE-2019-10747
HistoryAug 23, 2019 - 4:46 p.m.

CVE-2019-10747

2019-08-2316:46:36
snyk
www.cve.org
7

AI Score

8.2

Confidence

High

EPSS

0.006

Percentile

77.9%

set-value is vulnerable to Prototype Pollution in versions lower than 3.0.1. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype and proto payloads.

CNA Affected

[
  {
    "product": "set-value",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "All versions before 2.0.1 and version 3.0.0"
      }
    ]
  }
]