Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Prototype pollution in set-in
Vulnerability Description
set-in provides the set value of nested associative structure given array of keys. A prototype pollution vulnerability exists in the the npm package set-in (>=2.0.1, < 2.0.5). Despite a previous fix that attempted to mitigate prototype pollution by checking whether user input contained a forbidden key, it is still possible to pollute Object.prototype via a crafted input using Array.prototype. This has been fixed in version 2.0.5.
CVSS Information
N/A
Vulnerability Type
CWE-1321
Vulnerability Title
set-in 安全漏洞
Vulnerability Description
set-in是Mikey个人开发者的一个JavaScript库。 set-in 2.0.1至2.0.5之前版本存在安全漏洞,该漏洞源于对用户输入检查不足,可能导致通过特制输入污染Object.prototype的原型污染攻击。
CVSS Information
N/A
Vulnerability Type
N/A