Prototype Pollution Vulnerability in Set-Object-Value by React Atomic Organism
CVE-2020-28281

9.8CRITICAL

Key Information:

Vendor: Set-object-value Project
Status: Set-object-value
Vendor: CVE Published:; 29 December 2020

🔔 Create Set-object-value Project Vulnerability Alert

What is CVE-2020-28281?

A prototype pollution vulnerability exists in the 'set-object-value' library versions 0.0.0 through 0.0.5, which can be exploited by an attacker. This vulnerability can lead to denial of service conditions, and in certain scenarios, it may allow unauthorized execution of remote code. Developers using this library should take immediate action to mitigate potential risks by updating to a fixed version.

Affected Version(s)

set-object-value 0.0.0, 0.0.1, 0.0.2, 0.0.3, 0.0.4, 0.0.5

References

https://github.com/react-atomic/react-atomic-organism/blo...

x_refsource_MISC

https://www.whitesourcesoftware.com/vulnerability-databas...

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 29, 2020
Vulnerability Reserved
Nov 6, 2020

JSON