Vulnerabilities > CVE-2020-28281 - Unspecified vulnerability in Set-Object-Value Project Set-Object-Value

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

set-object-value-project

NVD

Published: 2020-12-29

Updated: 2020-12-30

Summary

Prototype pollution vulnerability in 'set-object-value' versions 0.0.0 through 0.0.5 allows an attacker to cause a denial of service and may lead to remote code execution.

Vulnerable Configurations

Part	Description	Count
Application	Set-Object-Value_Project SET Object Value Project SET Object Value 0.0.0 SET Object Value Project SET Object Value 0.0.1 SET Object Value Project SET Object Value 0.0.2 SET Object Value Project SET Object Value 0.0.3 SET Object Value Project SET Object Value 0.0.4 SET Object Value Project SET Object Value 0.0.5	6

References

https://github.com/react-atomic/react-atomic-organism/blob/e5645a2f9e632ffdebc83d720498831e09754c22/packages/lib/set-object-value/src/index.js#L16
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2020-28281