CVE-2024-21529
Published: 11 September 2024
Summary
CVE-2024-21529 is a high-severity Prototype Pollution (CWE-1321) vulnerability in Snyk (inferred from references). Its CVSS base score is 8.2 (High).
Operationally, ranked at the 23.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-2781
Vulnerability details
Versions of the package dset before 3.1.4 are vulnerable to Prototype Pollution via the dset function due improper user input sanitization. This vulnerability allows the attacker to inject malicious object property using the built-in Object property __proto__, which is recursively…
more
assigned to all the objects in the program.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.