CVE-2022-25862

Опубликовано: 13 мая 2022

Источник: nvd

CVSS3: 4

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

This affects the package sds from 0.0.0. The library could be tricked into adding or modifying properties of the Object.prototype by abusing the set function located in js/set.js. Note: This vulnerability derives from an incomplete fix to CVE-2020-7618

Ссылки

https://github.com/monsterkodi/sds/blob/master/js/set.js
Third Party Advisory
https://snyk.io/vuln/SNYK-JS-SDS-2385944
Exploit
Third Party Advisory
https://github.com/monsterkodi/sds/blob/master/js/set.js
Third Party Advisory
https://snyk.io/vuln/SNYK-JS-SDS-2385944
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sds_project:sds:*:*:*:*:*:node.js:*:*

EPSS

Процентиль: 46%

0.0023

Низкий

4 Medium

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-1321

Связанные уязвимости

GHSA-ph28-wwfj-fv7f

CVSS3: 7.5

github

больше 3 лет назад

Prototype Pollution in sds

EPSS

Процентиль: 46%

0.0023

Низкий

4 Medium

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-1321