Description
Prototype pollution vulnerability in ‘just-safe-set’ versions 1.0.0 through 2.2.1 allows an attacker to cause a denial of service and may lead to remote code execution.
Recommendation
Update the just-safe-set package to the latest compatible version. Version details:
- Affected version(s): >= 1.0.0, < 2.2.2
- Patched version(s): 2.2.2
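One way to act on the recommendation above, as an added example that is not part of the advisory or of the just-safe-set project: a Node.js check that walks a parsed package-lock.json and reports every installed copy of just-safe-set, including nested transitive ones, that falls in the affected range. The sample lockfile and the names demo-app and legacy-lib are constructed for illustration.

```javascript
// Added example; range taken from this advisory: >= 1.0.0, < 2.2.2.
const PKG = "just-safe-set";
const AFFECTED_FROM = [1, 0, 0]; // inclusive lower bound
const PATCHED = [2, 2, 2];       // first patched version (exclusive)

// Parse MAJOR.MINOR.PATCH[-pre][+build]; null when malformed.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/.exec(String(v));
  return m && { nums: [+m[1], +m[2], +m[3]], pre: Boolean(m[4]) };
}
function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

function isAffected(version) {
  const p = parseVersion(version);
  if (!p) return true; // unparseable version: flag it for manual review
  const lo = cmp(p.nums, AFFECTED_FROM), hi = cmp(p.nums, PATCHED);
  if (p.pre && hi === 0) return true;  // 2.2.2-beta sorts before 2.2.2
  if (p.pre && lo === 0) return false; // 1.0.0-beta sorts before 1.0.0
  return lo >= 0 && hi < 0;
}

// Accepts a parsed package-lock.json (lockfileVersion 1, 2 or 3).
function findAffected(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path.split("node_modules/").pop() === PKG && isAffected(meta.version))
      hits.push({ path, version: meta.version });
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = trail + "node_modules/" + name;
      if (name === PKG && isAffected(meta.version)) hits.push({ path, version: meta.version });
      walk(meta.dependencies, path + "/");
    }
  };
  if (!lock.packages) walk(lock.dependencies, ""); // v1 only: nested tree
  return hits;
}

// Constructed sample lockfile; "demo-app" and "legacy-lib" are hypothetical.
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", version: "0.1.0" },
  "node_modules/just-safe-set": { version: "4.2.1" },
  "node_modules/legacy-lib/node_modules/just-safe-set": { version: "2.1.0" },
} };
console.log(findAffected(SAMPLE_LOCK));
```

To check a real project, pass the result of `JSON.parse` on the contents of its `package-lock.json` to `findAffected`.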
References
- GHSA-v26w-gcxh-v4r7
- www.whitesourcesoftware.com
- CVE-2021-25952
- CWE-1321
- CWE-915
- CAPEC-310
- OWASP 2021-A6
- OWASP 2021-A8
Related Issues
- Prototype Pollution in jquery-deparam - CVE-2021-20087
- files.photo.gallery command injection - CVE-2024-53615
- Potential XSS vulnerability in jQuery - CVE-2020-11023
- mapshaper Path Traversal vulnerability - CVE-2024-1163
Tags
- npm
- just-safe-set
Last updated on January 27, 2023