Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWp2MzUteHFnNy1mOTJy
set-getter Prototype Pollution Vulnerability
Prototype pollution vulnerability in ‘set-getter’ version 0.1.0 allows an attacker to cause a denial of service and may lead to remote code execution.
Permalink: https://github.com/advisories/GHSA-jv35-xqg7-f92r
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWp2MzUteHFnNy1mOTJy
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: almost 3 years ago
Updated: 8 months ago
CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-jv35-xqg7-f92r, CVE-2021-25949
References:
- https://nvd.nist.gov/vuln/detail/CVE-2021-25949
- https://github.com/doowb/set-getter/blob/5bc2750fe1c3db9651d936131be187744111378d/index.js#L56
- https://github.com/doowb/set-getter/commit/66eb3f0d4686a4a8c7c3d6f7ecd8e570b580edc4
- https://web.archive.org/web/20210615022308/https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25949
- https://github.com/advisories/GHSA-jv35-xqg7-f92r
Blast Radius: 48.1
Affected Packages
npm:set-getter
Dependent packages: 25
Dependent repositories: 81,775
Downloads: 2,462,050 last month
Affected Version Ranges: < 0.1.1
Fixed in: 0.1.1
All affected versions: 0.1.0
All unaffected versions: 0.1.1