Set Value Project

set-value_project

2 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Set Value

set-value

2 CVEs

CVEs (2)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-23440 2Oracle Set Value Project 2Communications Cloud Native Core Policy Set Value Nov 21, 2024 Sep 12, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 This affects the package set-value before <2.0.1, >=3.0.0 <4.0.1. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays.
CVE-2019-10747 1Set Value Project 1Set Value Nov 21, 2024 Aug 23, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 set-value is vulnerable to Prototype Pollution in versions lower than 3.0.1. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype and _p...Show more set-value is vulnerable to Prototype Pollution in versions lower than 3.0.1. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype and _proto_ payloads.Show less

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2021-23440

2Oracle

Set Value Project

2Communications Cloud Native Core Policy

Set Value

Nov 21, 2024

Sep 12, 2021

N/A· v4

9.8 CRITICAL· v3

7.5 HIGH· v2

This affects the package set-value before <2.0.1, >=3.0.0 <4.0.1. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays.

CVE-2019-10747

1Set Value Project

1Set Value

Nov 21, 2024

Aug 23, 2019

N/A· v4

9.8 CRITICAL· v3

7.5 HIGH· v2

set-value is vulnerable to Prototype Pollution in versions lower than 3.0.1. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype and _p...Show more