Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8
CVE-2026-26021
- EPSS 0.03%
- Veröffentlicht 11.02.2026 21:18:50
- Zuletzt bearbeitet 13.02.2026 21:43:27
set-in provides the set value of nested associative structure given array of keys. A prototype pollution vulnerability exists in the the npm package set-in (>=2.0.1, < 2.0.5). Despite a previous fix that attempted to mitigate prototype pollution by c...
9.8
CVE-2022-25354
- EPSS 0.73%
- Veröffentlicht 17.03.2022 12:15:08
- Zuletzt bearbeitet 21.11.2024 06:52:03
The package set-in before 2.0.3 are vulnerable to Prototype Pollution via the setIn method, as it allows an attacker to merge object prototypes into it. **Note:** This vulnerability derives from an incomplete fix of [CVE-2020-28273](https://security....
9.8
CVE-2020-28273
- EPSS 3.86%
- Veröffentlicht 02.12.2020 15:15:12
- Zuletzt bearbeitet 21.11.2024 05:22:32
Prototype pollution vulnerability in 'set-in' versions 1.0.0 through 2.0.0 allows attacker to cause a denial of service and may lead to remote code execution.
1