2 vulnerabilities by sds_project
CVE-2022-25862 (GCVE-0-2022-25862)
Vulnerability from cvelistv5 – Published: 2022-05-13 20:05 – Updated: 2024-09-16 19:20
Title
Prototype Pollution
Summary
This affects the package sds from version 0.0.0 onward; the record specifies no upper bound on the affected versions. The library could be tricked into adding or modifying properties of `Object.prototype` by abusing the `set` function located in `js/set.js`. **Note:** This vulnerability derives from an incomplete fix to [CVE-2020-7618](https://security.snyk.io/vuln/SNYK-JS-SDS-564123).
Severity
CWE
- Prototype Pollution
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://snyk.io/vuln/SNYK-JS-SDS-2385944 | x_refsource_MISC |
| https://github.com/monsterkodi/sds/blob/master/js/set.js | x_refsource_MISC |
Date Public
2022-05-13 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:49:44.465Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JS-SDS-2385944"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/monsterkodi/sds/blob/master/js/set.js"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "sds",
"vendor": "n/a",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "0.0.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "P.Adithya Srinivas"
},
{
"lang": "en",
"value": "Masudul Hasan Masud Bhuiyan"
},
{
"lang": "en",
"value": "Cristian-Alexandru Staicu"
}
],
"datePublic": "2022-05-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "This affects the package sds from 0.0.0. The library could be tricked into adding or modifying properties of the Object.prototype by abusing the set function located in js/set.js. **Note:** This vulnerability derives from an incomplete fix to [CVE-2020-7618](https://security.snyk.io/vuln/SNYK-JS-SDS-564123)"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 3.8,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L/E:P",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Prototype Pollution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-13T20:05:10.000Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JS-SDS-2385944"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/monsterkodi/sds/blob/master/js/set.js"
}
],
"title": "Prototype Pollution",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"DATE_PUBLIC": "2022-05-13T20:00:10.508289Z",
"ID": "CVE-2022-25862",
"STATE": "PUBLIC",
"TITLE": "Prototype Pollution"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "sds",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "0.0.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "P.Adithya Srinivas"
},
{
"lang": "eng",
"value": "Masudul Hasan Masud Bhuiyan"
},
{
"lang": "eng",
"value": "Cristian-Alexandru Staicu"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This affects the package sds from 0.0.0. The library could be tricked into adding or modifying properties of the Object.prototype by abusing the set function located in js/set.js. **Note:** This vulnerability derives from an incomplete fix to [CVE-2020-7618](https://security.snyk.io/vuln/SNYK-JS-SDS-564123)"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L/E:P",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Prototype Pollution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://snyk.io/vuln/SNYK-JS-SDS-2385944",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-SDS-2385944"
},
{
"name": "https://github.com/monsterkodi/sds/blob/master/js/set.js",
"refsource": "MISC",
"url": "https://github.com/monsterkodi/sds/blob/master/js/set.js"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2022-25862",
"datePublished": "2022-05-13T20:05:11.030Z",
"dateReserved": "2022-02-24T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:20:38.214Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7618 (GCVE-0-2020-7618)
Vulnerability from cvelistv5 – Published: 2020-04-07 13:22 – Updated: 2024-08-04 09:33
Summary
sds through 3.2.0 is vulnerable to Prototype Pollution. The library could be tricked into adding or modifying properties of the 'Object.prototype' by abusing the 'set' function located in 'js/set.js'.
Severity
No CVSS data available.
CWE
- Prototype Pollution
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://snyk.io/vuln/SNYK-JS-SDS-564123 | x_refsource_MISC |
| https://github.com/monsterkodi/sds/blob/master/js/set.js#L31 | x_refsource_MISC |
Date Public
2020-04-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.976Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JS-SDS-564123"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/monsterkodi/sds/blob/master/js/set.js#L31"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "sds",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions including 3.2.0"
}
]
}
],
"datePublic": "2020-04-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "sds through 3.2.0 is vulnerable to Prototype Pollution.The library could be tricked into adding or modifying properties of the \u0027Object.prototype\u0027 by abusing the \u0027set\u0027 function located in \u0027js/set.js\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Prototype Pollution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-07T13:22:49.000Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JS-SDS-564123"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/monsterkodi/sds/blob/master/js/set.js#L31"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"ID": "CVE-2020-7618",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "sds",
"version": {
"version_data": [
{
"version_value": "All versions including 3.2.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "sds through 3.2.0 is vulnerable to Prototype Pollution.The library could be tricked into adding or modifying properties of the \u0027Object.prototype\u0027 by abusing the \u0027set\u0027 function located in \u0027js/set.js\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Prototype Pollution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://snyk.io/vuln/SNYK-JS-SDS-564123",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-SDS-564123"
},
{
"name": "https://github.com/monsterkodi/sds/blob/master/js/set.js#L31",
"refsource": "MISC",
"url": "https://github.com/monsterkodi/sds/blob/master/js/set.js#L31"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2020-7618",
"datePublished": "2020-04-07T13:22:49.000Z",
"dateReserved": "2020-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:33:19.976Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}