Michael Williams

3 exploits Active since Dec 2020
CVE-2022-25352 WRITEUP HIGH WRITEUP
libnested < 1.5.2 - Prototype Pollution via set Function
The package libnested before 1.5.2 are vulnerable to Prototype Pollution via the set function in index.js. **Note:** This vulnerability derives from an incomplete fix for [CVE-2020-28283](https://security.snyk.io/vuln/SNYK-JS-LIBNESTED-1054930)
CVSS 7.5
CVE-2022-25354 WRITEUP HIGH WRITEUP
set-in < 2.0.3 - Prototype Pollution via setIn Method
The package set-in before 2.0.3 are vulnerable to Prototype Pollution via the setIn method, as it allows an attacker to merge object prototypes into it. **Note:** This vulnerability derives from an incomplete fix of [CVE-2020-28273](https://security.snyk.io/vuln/SNYK-JS-SETIN-1048049)
CVSS 8.6
CVE-2020-28273 WRITEUP CRITICAL WRITEUP
set-in 1.0.0-2.0.0 - Prototype Pollution
Prototype pollution vulnerability in 'set-in' versions 1.0.0 through 2.0.0 allows attacker to cause a denial of service and may lead to remote code execution.
CVSS 9.8