4 matches found
GHSA-4H4X-4M75-47J4 depath and cool-path vulnerable to Prototype Pollution via `set()` Method
janryWang products depath v1.0.6 and cool-path v1.1.2 were discovered to contain a prototype pollution vulnerability via the set method at setIn lib/index.js:90. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties...
CVE-2022-25354
The package set-in before 2.0.3 is vulnerable to Prototype Pollution via the setIn method, as it allows an attacker to merge object prototypes into it. Note: This vulnerability derives from an incomplete fix of CVE-2020-28273...
CVE-2022-25354
The package set-in before 2.0.3 is vulnerable to Prototype Pollution via the setIn method, as it allows an attacker to merge object prototypes into it. Note: This vulnerability derives from an incomplete fix of CVE-2020-28273...
PT-2022-17233
Name of the Vulnerable Software and Affected Versions: set-in versions prior to 2.0.3. Description: The issue allows an attacker to perform Prototype Pollution via the setIn method, enabling them to merge object prototypes into it. This problem stems from an incomplete fix of a previous issue...