
2 vulnerabilities by sds_project

CVE-2022-25862 (GCVE-0-2022-25862)

Vulnerability from cvelistv5 – Published: 2022-05-13 20:05 – Updated: 2024-09-16 19:20
Title
Prototype Pollution
Summary
This affects the package sds from version 0.0.0 onward; the record gives no upper bound for the affected range, so no fixed version is listed. The library could be tricked into adding or modifying properties of Object.prototype by abusing the set function located in js/set.js. **Note:** This vulnerability derives from an incomplete fix to [CVE-2020-7618](https://security.snyk.io/vuln/SNYK-JS-SDS-564123).
CWE
  • Prototype Pollution
Assigner
Impacted products
Vendor Product Version
n/a sds Affected: 0.0.0 , < unspecified (custom)
Credits
P.Adithya Srinivas, Masudul Hasan Masud Bhuiyan, Cristian-Alexandru Staicu

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:49:44.465Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://snyk.io/vuln/SNYK-JS-SDS-2385944"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/monsterkodi/sds/blob/master/js/set.js"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "sds",
          "vendor": "n/a",
          "versions": [
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "P.Adithya Srinivas"
        },
        {
          "lang": "en",
          "value": "Masudul Hasan Masud Bhuiyan"
        },
        {
          "lang": "en",
          "value": "Cristian-Alexandru Staicu"
        }
      ],
      "datePublic": "2022-05-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "This affects the package sds from 0.0.0. The library could be tricked into adding or modifying properties of the Object.prototype by abusing the set function located in js/set.js. **Note:** This vulnerability derives from an incomplete fix to [CVE-2020-7618](https://security.snyk.io/vuln/SNYK-JS-SDS-564123)"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "PROOF_OF_CONCEPT",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 3.8,
            "temporalSeverity": "LOW",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L/E:P",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Prototype Pollution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-13T20:05:10",
        "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
        "shortName": "snyk"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://snyk.io/vuln/SNYK-JS-SDS-2385944"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/monsterkodi/sds/blob/master/js/set.js"
        }
      ],
      "title": "Prototype Pollution",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "report@snyk.io",
          "DATE_PUBLIC": "2022-05-13T20:00:10.508289Z",
          "ID": "CVE-2022-25862",
          "STATE": "PUBLIC",
          "TITLE": "Prototype Pollution"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "sds",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e=",
                            "version_value": "0.0.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "P.Adithya Srinivas"
          },
          {
            "lang": "eng",
            "value": "Masudul Hasan Masud Bhuiyan"
          },
          {
            "lang": "eng",
            "value": "Cristian-Alexandru Staicu"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "This affects the package sds from 0.0.0. The library could be tricked into adding or modifying properties of the Object.prototype by abusing the set function located in js/set.js. **Note:** This vulnerability derives from an incomplete fix to [CVE-2020-7618](https://security.snyk.io/vuln/SNYK-JS-SDS-564123)"
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L/E:P",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Prototype Pollution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://snyk.io/vuln/SNYK-JS-SDS-2385944",
              "refsource": "MISC",
              "url": "https://snyk.io/vuln/SNYK-JS-SDS-2385944"
            },
            {
              "name": "https://github.com/monsterkodi/sds/blob/master/js/set.js",
              "refsource": "MISC",
              "url": "https://github.com/monsterkodi/sds/blob/master/js/set.js"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
    "assignerShortName": "snyk",
    "cveId": "CVE-2022-25862",
    "datePublished": "2022-05-13T20:05:11.030472Z",
    "dateReserved": "2022-02-24T00:00:00",
    "dateUpdated": "2024-09-16T19:20:38.214Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-7618 (GCVE-0-2020-7618)

Vulnerability from cvelistv5 – Published: 2020-04-07 13:22 – Updated: 2024-08-04 09:33
Summary
sds through 3.2.0 is vulnerable to Prototype Pollution. The library could be tricked into adding or modifying properties of 'Object.prototype' by abusing the 'set' function located in 'js/set.js'.
Severity ?
No CVSS data available.
CWE
  • Prototype Pollution
Assigner
Impacted products
Vendor Product Version
n/a sds Affected: All versions including 3.2.0

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:33:19.976Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://snyk.io/vuln/SNYK-JS-SDS-564123"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/monsterkodi/sds/blob/master/js/set.js#L31"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "sds",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "All versions including 3.2.0"
            }
          ]
        }
      ],
      "datePublic": "2020-04-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "sds through 3.2.0 is vulnerable to Prototype Pollution.The library could be tricked into adding or modifying properties of the \u0027Object.prototype\u0027 by abusing the \u0027set\u0027 function located in \u0027js/set.js\u0027."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Prototype Pollution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-07T13:22:49",
        "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
        "shortName": "snyk"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://snyk.io/vuln/SNYK-JS-SDS-564123"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/monsterkodi/sds/blob/master/js/set.js#L31"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "report@snyk.io",
          "ID": "CVE-2020-7618",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "sds",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions including 3.2.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "sds through 3.2.0 is vulnerable to Prototype Pollution.The library could be tricked into adding or modifying properties of the \u0027Object.prototype\u0027 by abusing the \u0027set\u0027 function located in \u0027js/set.js\u0027."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Prototype Pollution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://snyk.io/vuln/SNYK-JS-SDS-564123",
              "refsource": "MISC",
              "url": "https://snyk.io/vuln/SNYK-JS-SDS-564123"
            },
            {
              "name": "https://github.com/monsterkodi/sds/blob/master/js/set.js#L31",
              "refsource": "MISC",
              "url": "https://github.com/monsterkodi/sds/blob/master/js/set.js#L31"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
    "assignerShortName": "snyk",
    "cveId": "CVE-2020-7618",
    "datePublished": "2020-04-07T13:22:49",
    "dateReserved": "2020-01-21T00:00:00",
    "dateUpdated": "2024-08-04T09:33:19.976Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}