All versions of package dset are vulnerable to Prototype Pollution via dset/merge mode, as the dset function checks for prototype pollution by validating if the top-level path contains proto, constructor or protorype. By crafting a malicious object, it is possible to bypass this check and achieve prototype pollution.
Weakness
The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Dset | Dset_project | * | * |
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/1.html
- https://cwe.mitre.org/data/definitions/180.html
- https://cwe.mitre.org/data/definitions/77.html
References
- https://github.com/lukeed/dset/blob/master/src/merge.js%23L9
- https://github.com/lukeed/dset/pull/38
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2431974
- https://snyk.io/vuln/SNYK-JS-DSET-2330881
- https://github.com/lukeed/dset/blob/master/src/merge.js%23L9
- https://github.com/lukeed/dset/pull/38
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2431974
- https://snyk.io/vuln/SNYK-JS-DSET-2330881