CVE-2022-25354
CVE-2022-25354 affects the JavaScript package set-in, with versions before 2.0.3 vulnerable to Prototype Pollution via the setIn method. Root cause is an incomplete fix of CVE-2020-28273. Exploitation details are not provided in the documents; public references describe the issue and advisories. ...