Описание
This affects the package set-value before <2.0.1, >=3.0.0 <4.0.1. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| node-set-value | fixed | 3.0.1-3 | package | |
| node-set-value | fixed | 3.0.1-2+deb11u1 | bullseye | package |
| node-set-value | not-affected | buster | package | |
| node-set-value | end-of-life | stretch | package |
Примечания
https://github.com/jonschlinkert/set-value/commit/383b72d47c74a55ae8b6e231da548f9280a4296a (v4.0.1)
https://github.com/jonschlinkert/set-value/pull/33
EPSS
Связанные уязвимости
This affects the package set-value before <2.0.1, >=3.0.0 <4.0.1. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays.
This affects the package set-value before <2.0.1, >=3.0.0 <4.0.1. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays.
This affects the package set-value before <2.0.1, >=3.0.0 <4.0.1. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays.
Уязвимость модуля Node Set-value, связанная с ошибками преобразования типов данных, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
EPSS