Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Versions of the package dset before 3.1.4 are vulnerable to Prototype Pollution via the dset function due improper user input sanitization. This vulnerability allows the attacker to inject malicious object property using the built-in Object property __proto__, which is recursively assigned to all the objects in the program.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
Vulnerability Type
CWE-1321
Vulnerability Title
Lukeed dset 安全漏洞
Vulnerability Description
Lukeed Dset是Lukeed个人开发者的一个基于Javascript语言可对字典类型对象进行赋值的代码库。 Lukeed dset 3.1.4之前版本存在安全漏洞,该漏洞源于用户输入清理不当,容易受到原型污染,允许攻击者使用内置对象属性__proto__注入恶意对象属性。
CVSS Information
N/A
Vulnerability Type
N/A