sds through 3.2.0 is vulnerable to Prototype Pollution.The library could be tricked into adding or modifying properties of the 'Object.prototype' by abusing the 'set' function located in 'js/set.js'.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-1321,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sds_project | sds | * |
This affects the package sds from 0.0.0. The library could be tricked into adding or modifying properties of the Object.prototype by abusing the set function located in js/set.js. **Note:** This vulnerability derives from an incomplete fix to [CVE-2020-7618](https://security.snyk.io/vuln/SNYK-JS-SDS-564123)
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| report@snyk.io | 4.0 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L | 1.4 | 2.5 |
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-1321,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sds_project | sds | * |