CVE-2024-21529 HIGH

CVE-2024-21529

Vendor N/A
Product dset
Weakness CWE-1321
Published September 11, 2024
Last update September 11, 2024

CVSS base score

8.2/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L/E:P

What the vulnerability does

01Description

Versions of the package dset before 3.1.4 are vulnerable to Prototype Pollution via the dset function due improper user input sanitization. This vulnerability allows the attacker to inject malicious object property using the built-in Object property __proto__, which is recursively assigned to all the objects in the program.

Key dates

02Disclosure timeline

September 11, 2024 CVE published
September 11, 2024 Record updated