
CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

The package set-in before 2.0.3 is vulnerable to Prototype Pollution via the setIn method, as it allows an attacker to merge object prototypes into it. **Note:** This vulnerability derives from an incomplete fix of [CVE-2020-28273](https://security.snyk.io/vuln/SNYK-JS-SETIN-1048049)

• https://github.com/ahdinosaur/set-in/blob/dfc226d95cce8129de6708661e06e0c2c06f3490/index.js%23L5
• https://github.com/ahdinosaur/set-in/commit/6bad255961d379e4b1f5fbc52ef9dc8420816f24
• https://snyk.io/vuln/SNYK-JS-SETIN-2388571
• CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CVSS: 9.8 | EPSS: 7% | CPEs: 1 | EXPL: 1

Prototype pollution vulnerability in 'set-in' versions 1.0.0 through 2.0.0 allows an attacker to cause a denial of service and may lead to remote code execution.

• https://github.com/ahdinosaur/set-in/commit/e431effa00195a6f06b111e09733cd1445a91a88
• https://www.whitesourcesoftware.com/vulnerability-database
• https://www.whitesourcesoftware.com/vulnerability-database/CVE-2020-28273