{"id":"GHSA-23wx-cgxq-vpwx","summary":"Prototype Pollution in dset","details":"All versions of `dset` prior to 3.1.2 are vulnerable to Prototype Pollution via `dset/merge` mode, as the `dset` function checks for prototype pollution by validating if the top-level path contains `__proto__`, `constructor` or `prototype`. By crafting a malicious object, it is possible to bypass this check and achieve prototype pollution.","aliases":["CVE-2022-25645"],"modified":"2023-11-08T04:08:47.532216Z","published":"2022-05-03T00:00:45Z","database_specific":{"github_reviewed_at":"2022-05-20T20:13:33Z","cwe_ids":["CWE-1321"],"nvd_published_at":"2022-05-01T16:15:00Z","severity":"MODERATE","github_reviewed":true},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25645"},{"type":"PACKAGE","url":"https://github.com/lukeed/dset"},{"type":"WEB","url":"https://github.com/lukeed/dset/blob/master/src/merge.js%23L9"},{"type":"WEB","url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2431974"},{"type":"WEB","url":"https://snyk.io/vuln/SNYK-JS-DSET-2330881"}],"affected":[{"package":{"name":"dset","ecosystem":"npm","purl":"pkg:npm/dset"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"3.1.2"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-23wx-cgxq-vpwx/GHSA-23wx-cgxq-vpwx.json"}},{"package":{"name":"org.webjars.npm:dset","ecosystem":"Maven","purl":"pkg:maven/org.webjars.npm/dset"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.1.2"}]}],"versions":["3.0.0","3.1.0","3.1.1"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-23wx-cgxq-vpwx/GHSA-23wx-cgxq-vpwx.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L"}]}