Veracode Vulnerability Database, VERACODE:32075
Sep 13, 2021 - 6:49 a.m.

Prototype Pollution

2021-09-13 06:49:21
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
Tags: prototype pollution, set-value, cve-2019-10747, bypass, user-provided keys, arrays

EPSS: 0.064 (percentile: 93.8%)

set-value is vulnerable to prototype pollution. The type of user-provided keys in the path parameter is not validated, which allows a bypass of the fix for CVE-2019-10747. The exploit is possible when the user-provided keys used in the path parameter are arrays.
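The missing type check described above, shown beside a value-only check, as an added example that is not set-value's own code. The names weakIsForbidden, isSafeSegment and safeSet are hypothetical, and the inputs are constructed.

```javascript
'use strict';

// Segments that lead to Object.prototype when used as property names.
const FORBIDDEN = new Set(['__proto__', 'constructor', 'prototype']);

// Weak check (hypothetical): compares values only. ['__proto__'] is not
// === '__proto__', so it passes, yet property access coerces it to that string.
function weakIsForbidden(key) {
  return key === '__proto__' || key === 'constructor' || key === 'prototype';
}

// Hardened check: validate the type first, then the value.
function isSafeSegment(key) {
  if (typeof key !== 'string' && typeof key !== 'number') return false;
  return !FORBIDDEN.has(String(key));
}

// Hypothetical setter: path is a dotted string or an array of segments.
function safeSet(target, path, value) {
  const segments = Array.isArray(path) ? path : String(path).split('.');
  if (segments.length === 0) throw new TypeError('empty path');
  for (const seg of segments) {
    if (!isSafeSegment(seg)) {
      throw new TypeError('rejected path segment: ' + JSON.stringify(seg));
    }
  }
  let node = target;
  for (const seg of segments.slice(0, -1)) {
    const k = String(seg);
    // Descend only into own object-valued properties; otherwise create one.
    const own = Object.prototype.hasOwnProperty.call(node, k);
    if (!own || node[k] === null || typeof node[k] !== 'object') node[k] = {};
    node = node[k];
  }
  node[String(segments[segments.length - 1])] = value;
  return target;
}

// Constructed inputs: a normal path, then a path whose first key is an array.
function demo() {
  const ok = safeSet({}, 'a.b', 1);
  let rejected = false;
  try { safeSet({}, [['__proto__'], 'polluted'], true); } catch (e) { rejected = true; }
  return { ok, rejected, weakMissed: !weakIsForbidden(['__proto__']) };
}

console.log(demo());
```

Checking the type of every segment before any property access is what closes the gap: the array never reaches the point where JavaScript would coerce it to a string key.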

Affected configurations

Vulners
Node
- node-set-value\ Match sid 3.0.1-2
OR
set-value_project set-value Match 3.0.0 node.js
OR
set-value_project set-value Range 2.0.0 node.js
OR
set-value_project set-value Range 4.0.0 node.js
Vendor             Product          Version  CPE
-                  node-set-value\  sid      cpe:2.3:a:-:node-set-value\:sid:3.0.1-2:*:*:*:*:*:*:*
set-value_project  set-value        3.0.0    cpe:2.3:a:set-value_project:set-value:3.0.0:*:*:*:*:node.js:*:*
set-value_project  set-value        *        cpe:2.3:a:set-value_project:set-value:*:*:*:*:*:node.js:*:*