CVE-2026-26021

set-in provides the set value of nested associative structure given array of keys. A prototype pollution vulnerability exists in the the npm package set-in =2.0.1, 2.0.5. Despite a previous fix that attempted to mitigate prototype pollution by checking whether user input contained a forbidden key...

Prototype Pollution

Overview set-in is a set value of nested associative structure given array of keys Affected versions of this package are vulnerable to Prototype Pollution via the set-in function. An attacker can modify the prototype of built-in objects by supplying crafted input that leverages Array.prototype,...

CVE-2026-26021

set-in provides the set value of nested associative structure given array of keys. A prototype pollution vulnerability exists in the the npm package set-in =2.0.1, 2.0.5. Despite a previous fix that attempted to mitigate prototype pollution by checking whether user input contained a forbidden key...

CVE-2026-26021 Prototype pollution in set-in

set-in provides the set value of nested associative structure given array of keys. A prototype pollution vulnerability exists in the the npm package set-in =2.0.1, 2.0.5. Despite a previous fix that attempted to mitigate prototype pollution by checking whether user input contained a forbidden key...

CVE-2026-26021 Prototype pollution in set-in

set-in provides the set value of nested associative structure given array of keys. A prototype pollution vulnerability exists in the the npm package set-in =2.0.1, 2.0.5. Despite a previous fix that attempted to mitigate prototype pollution by checking whether user input contained a forbidden key...

CVE-2026-26021

set-in provides the set value of nested associative structure given array of keys. A prototype pollution vulnerability exists in the the npm package set-in =2.0.1, 2.0.5. Despite a previous fix that attempted to mitigate prototype pollution by checking whether user input contained a forbidden key...

CVE-2026-26021

CVE-2026-26021 affects the npm package set-in (versions >=2.0.1,

CVE-2026-26021 Prototype pollution in set-in

set-in provides the set value of nested associative structure given array of keys. A prototype pollution vulnerability exists in the the npm package set-in =2.0.1, 2.0.5. Despite a previous fix that attempted to mitigate prototype pollution by checking whether user input contained a forbidden key...

GHSA-2C4M-G7RX-63Q7 set-in Affected by Prototype Pollution

Summary A prototype pollution vulnerability exists in the the npm package set-in =2.0.1. Despite a previous fix that attempted to mitigate prototype pollution by checking whether user input contained a forbidden key, it is still possible to pollute Object.prototype via a crafted input using...

set-in Affected by Prototype Pollution

Summary A prototype pollution vulnerability exists in the the npm package set-in =2.0.1. Despite a previous fix that attempted to mitigate prototype pollution by checking whether user input contained a forbidden key, it is still possible to pollute Object.prototype via a crafted input using...

PT-2026-7723

Name of the Vulnerable Software and Affected Versions set-in versions 2.0.1 through 2.0.4 Description set-in is a Node.js package that sets values within nested associative structures given an array of keys. A flaw exists where, despite a previous attempt to prevent prototype pollution by checkin...

set-in 安全漏洞

set-in is a JavaScript library developed by Mikey personally. Versions of set-in 2.0.1 to 2.0.5 had security vulnerabilities due to insufficient input validation. These vulnerabilities could allow for attacks through specially crafted input that contaminated the Object.prototype prototype, leadin...

EUVD-2021-0700

Malware in sbrugna...

EUVD-2022-1338

Malicious code in bioql PyPI...

CVE-2020-28273

Prototype pollution vulnerability in 'set-in' versions 1.0.0 through 2.0.0 allows attacker to cause a denial of service and may lead to remote code execution...

Prototype Pollution

set-in is vulnerable to prototype pollution. An attacker is able to inject malicious property types via setIn method and merge object prototypes into it, resulting in prototype pollution vulnerability...

swear (>=0.0.0 <=0.0.4), tcomb-view (>=2.0.0 <=2.0.3) +1 more potentially affected by CVE-2022-25354 via set-in (=1.1.1)

set-in NPM version =1.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on set-in and may be impacted: - swear =0.0.0, =2.0.0, =0.0.0, =1.0.0 Source cves: CVE-2022-25354 Source advisory: OSV:GHSA-6956-83FG-5WC5...

GHSA-6956-83FG-5WC5 Prototype Pollution in set-in

The package set-in before 2.0.3 is vulnerable to Prototype Pollution via the setIn method, as it allows an attacker to merge object prototypes into it. Note: This vulnerability derives from an incomplete fix of CVE-2020-28273...

Prototype Pollution in set-in

The package set-in before 2.0.3 is vulnerable to Prototype Pollution via the setIn method, as it allows an attacker to merge object prototypes into it. Note: This vulnerability derives from an incomplete fix of CVE-2020-28273...

CVE-2022-25354

The package set-in before 2.0.3 are vulnerable to Prototype Pollution via the setIn method, as it allows an attacker to merge object prototypes into it. Note: This vulnerability derives from an incomplete fix of CVE-2020-28273...