CVE-2024-21529 — HIGH (8.2)

Vulnerability Description

Versions of the package dset before 3.1.4 are vulnerable to Prototype Pollution via the dset function due improper user input sanitization. This vulnerability allows the attacker to inject malicious object property using the built-in Object property __proto__, which is recursively assigned to all the objects in the program.

CVSS Score

8.2

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

LOW

Related Weaknesses (CWE)

CWE-1321

References

FAQ

What is CVE-2024-21529?

CVE-2024-21529 is a vulnerability with a CVSS score of 8.2 (HIGH). Versions of the package dset before 3.1.4 are vulnerable to Prototype Pollution via the dset function due improper user input sanitization. This vulnerability allows the attacker to inject malicious o...

How severe is CVE-2024-21529?

CVE-2024-21529 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-21529?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.