CVE-2024-21529

CVSS 3.1 Score 8.2 of 10 (high)

Details

Published Sep 11, 2024
CWE ID 1321

Summary

CVE-2024-21529 identifies a vulnerability in versions of the dset package prior to 3.1.4, which is susceptible to Prototype Pollution due to inadequate user input sanitization. This flaw allows attackers to inject malicious object properties using the built-in Object property `__proto__`, impacting all objects in the application. Affected products include various implementations of the dset package, which could lead to high integrity impacts within an organization. To remediate this vulnerability, users should upgrade to dset version 3.1.4 or later. The potential danger lies in the low complexity of exploitation and the high severity rating, which poses significant risks if left unaddressed.
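The flaw class described above, next to the kind of key check that closes it, as an added example that is not the dset package's code or its actual patch. `naiveSet`, `safeSet`, `toKeys`, `BLOCKED_KEYS` and `demo` are hypothetical names, and the path `__proto__.polluted` is a constructed sample input.

```javascript
// Path segments that resolve to a prototype object rather than own data.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

const toKeys = (path) => (Array.isArray(path) ? path : String(path).split('.'));

// Naive deep setter (hypothetical, written for this example). A "__proto__"
// segment resolves to Object.prototype, so the final write is shared by all objects.
function naiveSet(target, path, value) {
  const keys = toKeys(path);
  let node = target;
  for (let i = 0; i < keys.length - 1; i++) {
    if (node[keys[i]] === null || typeof node[keys[i]] !== 'object') node[keys[i]] = {};
    node = node[keys[i]];
  }
  node[keys[keys.length - 1]] = value;
  return target;
}

// Hardened variant: coerce every segment to a string before checking it (so a
// non-string segment that stringifies to a blocked key is caught), walk own
// properties only, and write with defineProperty instead of assignment.
function safeSet(target, path, value) {
  const keys = toKeys(path).map(String);
  if (keys.some((k) => BLOCKED_KEYS.has(k))) {
    throw new TypeError('blocked key in path: ' + keys.join('.'));
  }
  const define = (obj, key, val) =>
    Object.defineProperty(obj, key, { value: val, writable: true, enumerable: true, configurable: true });
  let node = target;
  for (let i = 0; i < keys.length - 1; i++) {
    const own = Object.prototype.hasOwnProperty.call(node, keys[i]);
    if (!own || node[keys[i]] === null || typeof node[keys[i]] !== 'object') define(node, keys[i], {});
    node = node[keys[i]];
  }
  define(node, keys[keys.length - 1], value);
  return target;
}

// Runs both setters against the constructed path and reports what happened.
function demo() {
  const out = {};
  naiveSet({}, '__proto__.polluted', true);
  out.naivePolluted = ({}).polluted === true;
  delete Object.prototype.polluted; // restore the shared prototype
  try { safeSet({}, '__proto__.polluted', true); out.safeBlocked = false; }
  catch (e) { out.safeBlocked = e instanceof TypeError; }
  out.safeClean = !('polluted' in {});
  return out;
}
```

A guard like this is defense in depth for code that builds paths from untrusted input; the remediation for this CVE remains upgrading to dset 3.1.4 or later.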
