CVE-2020-7618

MEDIUM

sds < 3.2.0 - Prototype Pollution via set Function

Description

sds through 3.2.0 is vulnerable to Prototype Pollution. The library could be tricked into adding or modifying properties of the 'Object.prototype' by abusing the 'set' function located in 'js/set.js'.

References (2)

Core References
Exploit, Third Party Advisory x_refsource_misc
https://snyk.io/vuln/SNYK-JS-SDS-564123

Scores

CVSS v3 5.3
EPSS 0.0111
EPSS Percentile 61.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Details

CWE
CWE-1321
Status published
Products (2)
npm/sds 0 - 4.0.0 (npm)
sds_project/sds < 3.2.0
Published Apr 07, 2020
Tracked Since Feb 18, 2026