admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-29 01:31:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-215xx/CVE-2024-21529.json
cad-safe-bot fe3ed7f991 Auto-Update: 2024-09-11T18:00:17.868597+00:00
2024-09-11 18:03:18 +00:00

64 lines
2.2 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-21529",
"sourceIdentifier": "report@snyk.io",
"published": "2024-09-11T05:15:02.547",
"lastModified": "2024-09-11T16:26:11.920",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Versions of the package dset before 3.1.4 are vulnerable to Prototype Pollution via the dset function due improper user input sanitization. This vulnerability allows the attacker to inject malicious object property using the built-in Object property __proto__, which is recursively assigned to all the objects in the program."
},
{
"lang": "es",
"value": "Las versiones del paquete dset anteriores a la 3.1.4 son vulnerables a la contaminaci\u00f3n de prototipos a trav\u00e9s de la funci\u00f3n dset debido a una desinfecci\u00f3n incorrecta de la entrada del usuario. Esta vulnerabilidad permite al atacante inyectar una propiedad de objeto maliciosa mediante la propiedad de objeto incorporada __proto__, que se asigna de forma recursiva a todos los objetos del programa."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "report@snyk.io",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "report@snyk.io",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-1321"
}
]
}
],
"references": [
{
"url": "https://github.com/lukeed/dset/commit/16d6154e085bef01e99f01330e5a421a7f098afa",
"source": "report@snyk.io"
},
{
"url": "https://security.snyk.io/vuln/SNYK-JS-DSET-7116691",
"source": "report@snyk.io"
}
]
}
Reference in New Issue View Git Blame Copy Permalink