CVE-2024-21529

ADVISORY - github

Summary

Versions of the package dset before 3.1.4 are vulnerable to Prototype Pollution via the dset function due improper user input sanitization. This vulnerability allows the attacker to inject malicious object property using the built-in Object property proto, which is recursively assigned to all the objects in the program.

EPSS Score⁠: 0.00043 (0.103)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-1321⁠

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

ADVISORY - github

CWE-1321⁠

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

ADVISORY - gitlab

CWE-1035⁠

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-1321⁠

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CWE-937⁠

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

ADVISORY - redhat

CWE-1321⁠

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Impacted images

Advisories

NIST

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY IDCVE-2024-21529⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

8.2high

GitHub

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY IDGHSA-f6v4-cf5j-vf3w⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

8.2high

GitLab

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

CVE-2024-21529

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CWE-1035⁠CWE-1321⁠CWE-937⁠

CVSS SCORE

8.2high

Red Hat

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY IDCVE-2024-21529⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

8.2high