Vulnerability Details CVE-2020-28273
Prototype pollution vulnerability in 'set-in' versions 1.0.0 through 2.0.0 allows attacker to cause a denial of service and may lead to remote code execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.039
EPSS Ranking 87.8%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://github.com/ahdinosaur/set-in/commit/e431effa00195a6f06b111e09733cd1445a91a88
- https://www.whitesourcesoftware.com/vulnerability-database
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2020-28273
- https://github.com/ahdinosaur/set-in/commit/e431effa00195a6f06b111e09733cd1445a91a88
- https://www.whitesourcesoftware.com/vulnerability-database
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2020-28273
Products affected by CVE-2020-28273
-
cpe:2.3:a:set-in_project:set-in:1.0.0
-
cpe:2.3:a:set-in_project:set-in:1.1.0
-
cpe:2.3:a:set-in_project:set-in:1.1.1
-
cpe:2.3:a:set-in_project:set-in:2.0.0