Prototype Pollution in set-or-get

2021-04-1217:39:19

Google

osv.dev

0.012 Low

EPSS

Percentile

84.9%

JSON

Prototype pollution vulnerability in ‘set-or-get’ version 1.0.0 through 1.2.10 allows an attacker to cause a denial of service and may lead to remote code execution.

CPENameOperatorVersion
set-or-getge1.0.0
set-or-getlt1.2.11

CPE	Name	Operator	Version
	set-or-get	ge	1.0.0
	set-or-get	lt	1.2.11

References

github.com/IonicaBizau/set-or-get.js/commit/82ede5cccb2e8d13e4f62599203a4389f6d8e936

nvd.nist.gov/vuln/detail/CVE-2021-25913

www.npmjs.com/package/set-or-get

www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25913

0.012 Low

EPSS

Percentile

84.9%

JSON

Related for OSV:GHSA-6RV4-4QV6-88G2