Vulnerabilities > CVE-2022-25862 - Unspecified vulnerability in SDS Project SDS

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

sds-project

NVD

Published: 2022-05-13

Updated: 2024-11-21

Summary

This affects the package sds from 0.0.0. The library could be tricked into adding or modifying properties of the Object.prototype by abusing the set function located in js/set.js. **Note:** This vulnerability derives from an incomplete fix to [CVE-2020-7618](https://security.snyk.io/vuln/SNYK-JS-SDS-564123)

Vulnerable Configurations

Part	Description	Count
Application	Sds_Project SDS Project SDS *	1

References

https://github.com/monsterkodi/sds/blob/master/js/set.js
https://github.com/monsterkodi/sds/blob/master/js/set.js
https://snyk.io/vuln/SNYK-JS-SDS-2385944
https://snyk.io/vuln/SNYK-JS-SDS-2385944