CVE-2022-25862

HIGH Year: 2022
CVSS v3 Score
7.5
High
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-1321
View all →

Vulnerability Description

This affects the package sds from 0.0.0. The library could be tricked into adding or modifying properties of the Object.prototype by abusing the set function located in js/set.js. **Note:** This vulnerability derives from an incomplete fix to [CVE-2020-7618](https://security.snyk.io/vuln/SNYK-JS-SDS-564123)

Related Vulnerabilities

CVE-2019-10745

HIGH
CVSS:7.5(High)

assign-deep is vulnerable to Prototype Pollution in versions before 0.4.8 and version 1.0.0. The function assign-deep could be tricked into adding or modifying properties of Object.prototype using eit...

CWE-13212019

CVE-2019-10768

HIGH
CVSS:7.5(High)

In AngularJS before 1.7.9 the function `merge()` could be tricked into adding or modifying properties of `Object.prototype` using a `__proto__` payload.

CWE-13212019

CVE-2019-16328

HIGH
CVSS:7.5(High)

In RPyC 4.1.x through 4.1.1, a remote attacker can dynamically modify object attributes to construct a remote procedure call that executes code for an RPyC service with default configuration settings.

CWE-13212019

CVE-2020-24939

HIGH
CVSS:7.5(High)

Prototype pollution in Stampit supermixer 1.0.3 allows an attacker to modify the prototype of a base object which can vary in severity depending on the implementation.

CWE-13212020

CVE-2020-28268

HIGH
CVSS:7.5(High)

Prototype pollution vulnerability in 'controlled-merge' versions 1.0.0 through 1.2.0 allows attacker to cause a denial of service and may lead to remote code execution.

CWE-13212020

CVE-2020-7792

HIGH
CVSS:7.5(High)

This affects all versions of package mout. The deepFillIn function can be used to 'fill missing properties recursively', while the deepMixIn 'mixes objects into the target object, recursively mixing e...

CWE-13212020