Lucene search
Veracode Vulnerability DatabaseVERACODE:32075HistorySep 13, 2021 - 6:49 a.m.
Prototype Pollution
2021-09-1306:49:21
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
20
0.064 Low
EPSS
Percentile
93.7%
set-value is vulnerable to prototype pollution. Lack of validation in type of user-provided keys in the path parameter causes a bypass of CVE-2019-10747. The exploit is possible when the user-provided keys used in the path parameter are arrays.
References
github.com/jonschlinkert/set-value/commit/7cf8073bb06bf0c15e08475f9f952823b4576452
github.com/jonschlinkert/set-value/commit/b057b1b8cf986746b27a145629d593c6bb4ab7c4
github.com/jonschlinkert/set-value/commit/cb12f14955dde6e61829d70d1851bfea6a3c31ad
github.com/jonschlinkert/set-value/pull/33
research.prod.srcclr.io/artifacts/20569
www.huntr.dev/bounties/2eae1159-01de-4f82-a177-7478a408c4a2/
www.oracle.com/security-alerts/cpujan2022.html
Related
prion
prion
Type confusion
2021-09-12 13:15:00
Code injection
2019-08-23 17:15:00
osv
osv
Prototype Pollution in set-value
2021-09-13 20:09:36
CVE-2021-23440
2021-09-12 13:15:07
Prototype Pollution in set-value
2019-08-27 17:43:33
nvd
nvd
CVE-2021-23440
2021-09-12 13:15:07
CVE-2019-10747
2019-08-23 17:15:13
cve
cve
CVE-2021-23440
2021-09-12 13:15:07
CVE-2019-10747
2019-08-23 17:15:13
ubuntucve
ubuntucve
CVE-2021-23440
2021-09-12 00:00:00
CVE-2019-10747
2019-08-23 00:00:00
github
github
Prototype Pollution in set-value
2021-09-13 20:09:36
Prototype Pollution in set-value
2019-08-27 17:43:33
cvelist
cvelist
CVE-2021-23440 Prototype Pollution
2021-09-12 00:00:00
CVE-2019-10747
2019-08-23 16:46:36
redhatcve
redhatcve
CVE-2021-23440
2021-09-16 15:05:30
CVE-2019-10747
2020-04-07 17:03:44
debiancve
debiancve
CVE-2021-23440
2021-09-12 13:15:07
CVE-2019-10747
2019-08-23 17:15:13
ibm
ibm
nessus
nessus
Fedora 30 : nodejs-set-value (2020-1f1c94907b)
2020-02-10 00:00:00
Fedora 31 : nodejs-set-value (2020-582515fa8a)
2020-02-10 00:00:00
RHEL 8 : nodejs-set-value (Unpatched Vulnerability)
2024-05-11 00:00:00
nodejs
nodejs
Prototype Pollution
2019-06-20 14:35:11
mageia
mageia
Updated nodejs-set-value packages fix security vulnerability
2020-05-27 03:46:12
fedora
fedora
[SECURITY] Fedora 30 Update: nodejs-set-value-2.0.1-1.fc30
2020-02-08 01:39:55
[SECURITY] Fedora 31 Update: nodejs-set-value-2.0.1-1.fc31
2020-02-08 02:05:37
veracode
veracode
Prototype Pollution
2019-06-21 02:48:50
openvas
openvas
Mageia: Security Advisory (MGASA-2020-0230)
2022-01-28 00:00:00
Fedora: Security Advisory for nodejs-set-value (FEDORA-2020-582515fa8a)
2020-02-08 00:00:00
Fedora: Security Advisory for nodejs-set-value (FEDORA-2020-1f1c94907b)
2020-02-08 00:00:00
githubexploit
githubexploit
Exploit for Uncontrolled Resource Consumption in Set-Value Project Set-Value
2020-12-01 09:18:57
oraclelinux
oraclelinux
nodejs:12 security update
2021-02-20 00:00:00
almalinux
almalinux
Moderate: nodejs:12 security update
2021-02-16 07:34:29
redhat
redhat
(RHSA-2021:0485) Moderate: rh-nodejs12-nodejs security update
2021-02-11 13:08:55
(RHSA-2021:0549) Moderate: nodejs:12 security update
2021-02-16 07:34:29
rocky
rocky
nodejs:12 security update
2021-02-16 07:34:29
oracle
oracle
Oracle Critical Patch Update Advisory - January 2022
2022-01-18 00:00:00