Vulnerabilities > CVE-2020-28273 - Unspecified vulnerability in Set-In Project Set-In

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

set-in-project

critical

NVD

Published: 2020-12-02

Updated: 2024-11-21

Summary

Prototype pollution vulnerability in 'set-in' versions 1.0.0 through 2.0.0 allows attacker to cause a denial of service and may lead to remote code execution.

Vulnerable Configurations

Part	Description	Count
Application	Set-In_Project SET IN Project SET IN 1.0.0 SET IN Project SET IN 1.1.0 SET IN Project SET IN 1.1.1 SET IN Project SET IN 2.0.0	4

References

https://github.com/ahdinosaur/set-in/commit/e431effa00195a6f06b111e09733cd1445a91a88
https://github.com/ahdinosaur/set-in/commit/e431effa00195a6f06b111e09733cd1445a91a88
https://www.whitesourcesoftware.com/vulnerability-database
https://www.whitesourcesoftware.com/vulnerability-database
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2020-28273
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2020-28273