Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Prototype Pollution
Vulnerability Description
All versions of package dset are vulnerable to Prototype Pollution via 'dset/merge' mode, as the dset function checks for prototype pollution by validating if the top-level path contains __proto__, constructor or protorype. By crafting a malicious object, it is possible to bypass this check and achieve prototype pollution.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L
Vulnerability Type
N/A
Vulnerability Title
Lukeed Dset 安全漏洞
Vulnerability Description
Lukeed Dset是Lukeed个人开发者的一个基于Javascript语言可对字典类型对象进行赋值的代码库。 Lukeed Dset 所有版本存在安全漏洞,攻击者利用该漏洞通过制造一个恶意对象,可实现原型污染攻击。
CVSS Information
N/A
Vulnerability Type
N/A