42 matches found
EUVD-2022-1897
Malicious code in bioql PyPI...
EUVD-2024-2781
Malicious code in bioql PyPI...
EUVD-2022-4888
Malicious code in bioql PyPI...
Prototype Pollution
dset is vulnerable to Prototype Pollution. The vulnerability is due improper user input sanitization. This vulnerability allows the attacker to inject malicious object property using the built-in Object property proto, which is recursively assigned to all the objects in the program...
CVE-2024-21529
A flaw was found in the dset package. Affected versions of this package are vulnerable to Prototype Pollution via the dset function due to improper user input sanitization. This vulnerability allows the attacker to inject a malicious object property using the built-in Object property proto, which...
dset Prototype Pollution vulnerability
Versions of the package dset before 3.1.4 are vulnerable to Prototype Pollution via the dset function due improper user input sanitization. This vulnerability allows the attacker to inject malicious object property using the built-in Object property proto, which is recursively assigned to all the...
0xsodium (>=0.2.0 <=0.14.0), @0xsodium/graphquery (>=0.2.0 <=0.14.0) +469 more potentially affected by CVE-2024-21529 via dset (>=1.0.1 <=3.1.3)
dset NPM version =1.0.1, =0.2.0, =0.2.0, =0.2.0, =1.7.3, =0.2.0, =0.0.4, =0.0.4, =0.6.0, =0.2.0, =0.2.0, =0.0.0, =1.4.0-beta.2, =0.1.0, =0.0.1, =0.0.1, =0.0.8 and more Source cves: CVE-2024-21529 Source advisory: OSV:GHSA-F6V4-CF5J-VF3W...
GHSA-F6V4-CF5J-VF3W dset Prototype Pollution vulnerability
Versions of the package dset before 3.1.4 are vulnerable to Prototype Pollution via the dset function due improper user input sanitization. This vulnerability allows the attacker to inject malicious object property using the built-in Object property proto, which is recursively assigned to all the...
CVE-2024-21529
Versions of the package dset before 3.1.4 are vulnerable to Prototype Pollution via the dset function due improper user input sanitization. This vulnerability allows the attacker to inject malicious object property using the built-in Object property proto, which is recursively assigned to all the...
CVE-2024-21529
Versions of the package dset before 3.1.4 are vulnerable to Prototype Pollution via the dset function due improper user input sanitization. This vulnerability allows the attacker to inject malicious object property using the built-in Object property proto, which is recursively assigned to all the...
CVE-2024-21529
Versions of the package dset before 3.1.4 are vulnerable to Prototype Pollution via the dset function due improper user input sanitization. This vulnerability allows the attacker to inject malicious object property using the built-in Object property proto, which is recursively assigned to all the...
CVE-2024-21529
Versions of the package dset before 3.1.4 are vulnerable to Prototype Pollution via the dset function due improper user input sanitization. This vulnerability allows the attacker to inject malicious object property using the built-in Object property proto, which is recursively assigned to all the...
PT-2024-18943 · Dset · Dset
Name of the Vulnerable Software and Affected Versions: dset versions prior to 3.1.4 Description: The issue arises from improper user input sanitization in the dset function, allowing an attacker to inject malicious object properties using the built-in Object property proto . This vulnerability...
Lukeed dset 安全漏洞
Lukeed Dset is a codebase by the individual developer of Lukeed based on the Javascript language that can assign values to objects of dictionary type. A security vulnerability exists in Lukeed dset versions prior to 3.1.4, which stems from improperly cleaned user input and is susceptible to...
Prototype Pollution
Overview dset is an A tiny 161B utility for safely writing deep Object values! Affected versions of this package are vulnerable to Prototype Pollution via the dset function due improper user input sanitization. This vulnerability allows the attacker to inject malicious object property using the...
0xsodium (>=0.2.0 <=0.14.0), @0xsodium/graphquery (>=0.2.0 <=0.14.0) +176 more potentially affected by CVE-2024-21529 via dset (>=3.1.0 <=3.1.3)
dset NPM version =3.1.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.0.4, =0.0.4, =0.6.0, =0.2.0, =0.2.0, =0.0.0, =1.4.0-beta.2, =0.1.0, =0.1.10, =0.1.11 - @didomi/react =1.8.3 and more Source cves: CVE-2024-21529 Source advisory: SNYK:JS-DSET-7116691...
dset vulnerable to prototype pollution
Overview Prototype pollution vulnerability in 'dset' versions 1.0.0 through 2.0.1 allows attacker to cause a denial of service and may lead to remote code execution. Details The NPM module 'dset' can be abused by Prototype Pollution vulnerability since the function ‘export ' did not check for the...
GHSA-Q4XC-7CW8-CGFJ dset vulnerable to prototype pollution
Overview Prototype pollution vulnerability in 'dset' versions 1.0.0 through 2.0.1 allows attacker to cause a denial of service and may lead to remote code execution. Details The NPM module 'dset' can be abused by Prototype Pollution vulnerability since the function ‘export ' did not check for the...
@trovo/components (>=5.0.2 <=5.3.0), @trovo/motion (>=5.0.2 <=6.0.0) +9 more potentially affected by CVE-2020-28277 via dset (=1.0.1)
dset NPM version =1.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on dset and may be impacted: - @trovo/components =5.0.2, =5.0.2, =5.0.0, =1.0.15, =1.1.4, =1.0.0, =2.2.0, =1.0.0, =0.0.1, =0.0.2, =0.0.11 Source cves: CVE-2020-28277 Source advisory:...
Prototype Pollution
dset is vulnerable to prototype pollution. An attacker can inject properties into existing construct prototypes via the merge function in the merge.js and modify attributes such as proto, constructor, and prototype...