NodeJS/set-value/3.0.1
Create nested values and any intermediaries using dot notation (`'a.b.c'`) paths.
https://www.npmjs.com/package/set-value
MIT
1 Security Vulnerabilities
Prototype Pollution in set-value
Published date: 2021-09-13T20:09:36Z
CVE: CVE-2021-23440
Links:
- https://nvd.nist.gov/vuln/detail/CVE-2021-23440
- https://github.com/advisories/GHSA-4jqc-8m5r-9rpr
- https://github.com/jonschlinkert/set-value/pull/33
- https://github.com/jonschlinkert/set-value/commit/7cf8073bb06bf0c15e08475f9f952823b4576452
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1584212
- https://snyk.io/vuln/SNYK-JS-SETVALUE-1540541
- https://www.huntr.dev/bounties/2eae1159-01de-4f82-a177-7478a408c4a2/
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://github.com/jonschlinkert/set-value/pull/33/commits/383b72d47c74a55ae8b6e231da548f9280a4296a
- https://github.com/jonschlinkert/set-value/commit/cb12f14955dde6e61829d70d1851bfea6a3c31ad
- https://github.com/jonschlinkert/set-value/commit/09c4b108fea3c0260008590053ff13da64913245
This affects the package set-value. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays.
Affected versions:
["3.0.0", "3.0.1", "3.0.2", "4.0.0", "0.1.0", "0.1.1", "0.1.2", "0.1.3", "0.1.4", "0.1.6", "0.2.0", "0.3.0", "0.3.1", "0.3.2", "0.3.3", "0.4.0", "0.4.1", "0.4.2", "0.4.3", "1.0.0", "2.0.0"]
Secure versions:
["2.0.1", "4.0.1", "4.1.0", "3.0.3"]
Recommendation:
Update to version 4.1.0.
25 Other Versions
Version | License | Security | Released | |
---|---|---|---|---|
4.1.0 | MIT | | 2021-09-12 - 09:09 | over 2 years |
4.0.1 | MIT | | 2021-09-12 - 07:35 | over 2 years |
4.0.0 | MIT | 1 | 2021-04-28 - 05:03 | about 3 years |
3.0.3 | MIT | | 2022-08-16 - 16:46 | over 1 year |
3.0.2 | MIT | 1 | 2020-04-01 - 20:57 | about 4 years |
3.0.1 | MIT | 1 | 2019-06-19 - 18:08 | almost 5 years |
3.0.0 | MIT | 2 | 2018-03-05 - 23:47 | about 6 years |
2.0.1 | MIT | | 2019-06-24 - 21:06 | almost 5 years |
2.0.0 | MIT | 2 | 2017-06-21 - 05:47 | almost 7 years |
1.0.0 | MIT | 2 | 2017-05-19 - 19:17 | almost 7 years |
0.4.3 | MIT | 2 | 2017-02-22 - 21:44 | about 7 years |
0.4.2 | MIT | 2 | 2017-02-13 - 05:28 | about 7 years |
0.4.1 | MIT | 2 | 2017-02-13 - 05:24 | about 7 years |
0.4.0 | MIT | 2 | 2016-09-05 - 14:39 | over 7 years |
0.3.3 | MIT | 2 | 2016-01-19 - 10:42 | over 8 years |
0.3.2 | MIT | 2 | 2015-12-11 - 00:55 | over 8 years |
0.3.1 | MIT | 2 | 2015-11-09 - 23:10 | over 8 years |
0.3.0 | MIT | 2 | 2015-10-30 - 19:45 | over 8 years |
0.2.0 | MIT | 2 | 2015-05-12 - 08:42 | almost 9 years |
0.1.6 | MIT | 2 | 2015-04-07 - 00:43 | about 9 years |
0.1.4 | MIT | 2 | 2015-04-02 - 09:24 | about 9 years |
0.1.3 | MIT | 2 | 2015-03-26 - 00:41 | about 9 years |
0.1.2 | MIT | 2 | 2015-03-25 - 19:48 | about 9 years |
0.1.1 | MIT | 2 | 2015-03-25 - 09:28 | about 9 years |
0.1.0 | MIT | 2 | 2015-03-25 - 01:45 | about 9 years |