Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN4bTMtMjg0cC1xYzR2

Prototype Pollution in sds

Affected versions of sds are vulnerable to prototype pollution. The set function does not restrict the modification of an Object's prototype, which may allow an attacker to add or modify an existing property that will exist on all objects.

Recommendation

Upgrade to version 4.0.0 or later

Permalink: https://github.com/advisories/GHSA-cxm3-284p-qc4v
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN4bTMtMjg0cC1xYzR2
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 3 years ago
Updated: over 1 year ago

CVSS Score: 5.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Identifiers: GHSA-cxm3-284p-qc4v, CVE-2020-7618
References:

Repository: https://github.com/monsterkodi/sds
Blast Radius: 1.6

Affected Packages

npm:sds

Dependent packages: 8
Dependent repositories: 2
Downloads: 115 last month
Affected Version Ranges: < 4.0.0
Fixed in: 4.0.0
All affected versions: 0.1.1, 0.1.2, 0.1.3, 0.1.4, 0.1.5, 0.2.1, 0.2.2, 0.2.3, 0.2.4, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.12, 1.2.13, 1.2.17, 1.2.20, 1.2.22, 1.3.4, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.5, 1.4.6, 1.4.7, 1.4.8, 1.4.9, 1.4.10, 1.4.11, 1.4.12, 1.4.15, 1.4.16, 1.4.17, 1.4.18, 1.4.19, 1.4.21, 1.4.22, 1.4.23, 1.5.1, 1.5.2, 1.5.3, 1.5.4, 1.5.5, 1.5.6, 1.5.7, 1.5.8, 1.5.9, 1.5.10, 1.5.11, 1.6.1, 1.6.2, 1.6.3, 1.6.4, 1.6.5, 1.6.6, 1.6.7, 1.7.1, 1.7.2, 1.7.3, 1.7.4, 1.8.1, 1.9.0, 1.9.1, 1.11.0, 1.12.0, 1.14.0, 1.14.1, 2.0.0, 2.0.1, 2.1.0, 2.1.1, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 3.1.1, 3.2.0
All unaffected versions: 4.0.0, 4.1.1, 4.2.0, 4.3.0, 4.4.0