Lucene search
SnykCVELIST:CVE-2022-25352HistoryMar 17, 2022 - 11:20 a.m.
CVE-2022-25352 Prototype Pollution
2022-03-1711:20:50
snyk
www.cve.org
2
package libnested
vulnerability
cve-2022-25352
prototype pollution
set function
index.js
incomplete fix
cve-2020-28283
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P
AI Score
9.8
Confidence
High
EPSS
0.012
Percentile
85.8%
The package libnested before 1.5.2 are vulnerable to Prototype Pollution via the set function in index.js. Note: This vulnerability derives from an incomplete fix for CVE-2020-28283
CNA Affected
[
{
"product": "libnested",
"vendor": "n/a",
"versions": [
{
"lessThan": "1.5.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
prion
prion
Design/Logic Flaw
2022-03-17 12:15:00
Remote code execution
2020-12-29 18:15:00
cve
cve
CVE-2022-25352
2022-03-17 12:15:08
CVE-2020-28283
2020-12-29 18:15:12
osv
osv
Prototype Pollution in libnested
2022-03-18 00:01:11
CVE-2022-25352
2022-03-17 12:15:08
CVE-2020-28283
2020-12-29 18:15:12
nvd
nvd
CVE-2022-25352
2022-03-17 12:15:08
CVE-2020-28283
2020-12-29 18:15:12
github
github
Prototype Pollution in libnested
2022-03-18 00:01:11
Prototype pollution vulnerability in 'libnested'
2021-10-12 16:27:02
veracode
veracode
Prototype Pollution
2022-03-18 02:11:52
Denial Of Service (DoS)
2020-12-30 00:48:19
huntr
huntr
Prototype Pollution in dominictarr/libnested
2021-01-10 00:00:00
cvelist
cvelist
CVE-2020-28283
2020-12-29 17:05:08
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P
AI Score
9.8
Confidence
High
EPSS
0.012
Percentile
85.8%
Related for CVELIST:CVE-2022-25352