CVE-2022-25862 – sds
Package
Manager: npm
Name: sds
Vulnerable Version: >=0 <=4.4.0
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00218 (percentile: 0.44425)
Details
Prototype Pollution in sds

This affects the package sds from 0.0.0. The library could be tricked into adding or modifying properties of Object.prototype by abusing the set function located in js/set.js.

**Note:** This vulnerability derives from an incomplete fix to CVE-2020-7618.
Metadata
Created: 2022-05-14T00:01:08Z
Modified: 2022-05-25T22:53:54Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-ph28-wwfj-fv7f/GHSA-ph28-wwfj-fv7f.json
CWE IDs: ["CWE-1321"]
Alternative ID: GHSA-ph28-wwfj-fv7f
Finding: F390
Auto approve: 1