Vulnerabilities > CVE-2021-23497 - Unspecified vulnerability in SET Project SET 1.0.0/1.0.1
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
This affects the package @strikeentco/set before 1.0.2. It allows an attacker to cause a denial of service and may lead to remote code execution. **Note:** This vulnerability derives from an incomplete fix in https://security.snyk.io/vuln/SNYK-JS-STRIKEENTCOSET-1038821
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 3 |
References
- https://github.com/strikeentco/set/commit/b2f942c
- https://github.com/strikeentco/set/commit/b2f942c
- https://snyk.io/blog/remediate-javascript-type-confusion-bypassed-input-validation/
- https://snyk.io/blog/remediate-javascript-type-confusion-bypassed-input-validation/
- https://snyk.io/vuln/SNYK-JS-STRIKEENTCOSET-2385945
- https://snyk.io/vuln/SNYK-JS-STRIKEENTCOSET-2385945