CVE-2022-25354

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-25354
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-25354.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-25354
Aliases
Related
  • SNYK-JS-SETIN-2388571
Published
2022-03-17T12:15:08Z
Modified
2025-10-15T13:51:30.880687Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

The package set-in before 2.0.3 are vulnerable to Prototype Pollution via the setIn method, as it allows an attacker to merge object prototypes into it. Note: This vulnerability derives from an incomplete fix of CVE-2020-28273

References

Affected packages

Git / github.com/ahdinosaur/set-in

Affected ranges

Type
GIT
Repo
https://github.com/ahdinosaur/set-in
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
6bad255961d379e4b1f5fbc52ef9dc8420816f24

Affected versions

1.*

1.1.0
1.1.1

v2.*

v2.0.0
v2.0.1
v2.0.2