Critical severityNVD Advisory· Published Aug 23, 2019· Updated Aug 4, 2024
CVE-2019-10747
CVE-2019-10747
Description
set-value is vulnerable to Prototype Pollution in versions lower than 3.0.1. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype and _proto_ payloads.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
set-valuenpm | < 2.0.1 | 2.0.1 |
set-valuenpm | >= 3.0.0, < 3.0.1 | 3.0.1 |
Affected products
4- set-value/set-valuedescription
- ghsa-coords3 versions
< 2.0.1+ 2 more
- (no CPE)range: < 2.0.1
- (no CPE)range: < 2.0.3-1.module_el8.4.0+2521+c668cc9f
- (no CPE)range: < 17-3.module_el8.4.0+2224+b07ac28e
Patches
Vulnerability mechanics
References
12- github.com/advisories/GHSA-4g88-fppr-53ppghsaADVISORY
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3EJ36KV6MXQPUYTFCCTDY54E5Y7QP3AV/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E3HNLQZQINMZK6GYB2UTKK4VU7WBV2OT/mitrevendor-advisoryx_refsource_FEDORA
- nvd.nist.gov/vuln/detail/CVE-2019-10747ghsaADVISORY
- github.com/jonschlinkert/set-value/commit/95e9d9923f8a8b4a01da1ea138fcc39ec7b6b15fghsaWEB
- github.com/jonschlinkert/set-value/commit/cb12f14955dde6e61829d70d1851bfea6a3c31adghsaWEB
- lists.apache.org/thread.html/b46f35559c4a97cf74d2dd7fe5a48f8abf2ff37f879083920af9b292%40%3Cdev.drat.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/b46f35559c4a97cf74d2dd7fe5a48f8abf2ff37f879083920af9b292@%3Cdev.drat.apache.org%3EghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3EJ36KV6MXQPUYTFCCTDY54E5Y7QP3AVghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E3HNLQZQINMZK6GYB2UTKK4VU7WBV2OTghsaWEB
- snyk.io/vuln/SNYK-JS-SETVALUE-450213ghsax_refsource_MISCWEB
- www.npmjs.com/advisories/1012ghsaWEB
News mentions
0No linked articles in our index yet.