set-value
npm · 2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting set-value
- CVE-2019-10747 · CRITICAL · CVSS 9.8 · EG 9.8 · ✓ Fixed in 3.0.1 · 2019-08-23
vulnerable: 3.0.0
set-value is vulnerable to Prototype Pollution in versions lower than 3.0.1. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype and __proto__ payloads.
- CVE-2021-23440 · HIGH · CVSS 7.3 · EG 7.3 · ✓ Fixed in 3.0.3 · 2021-09-12
This affects the package set-value before <2.0.1, >=3.0.0 <4.0.1. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays.