CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-24279

The package madlib-object-utils before 0.1.8 are vulnerable to Prototype Pollution via the setValue method, as it allows an attacker to merge object prototypes into it. *Note:* This vulnerability derives from an incomplete fix of [CVE-2020-7701](https://security.snyk.io/vuln/SNYK-JS-MADLIBOBJECTUTILS-598676)

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 64.7%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

Products affected by CVE-2022-24279

Springtree » Madlib-Object-Utils » Version: N/A

cpe:2.3:a:springtree:madlib-object-utils:-
Springtree » Madlib-Object-Utils » Version: 0.1.2

cpe:2.3:a:springtree:madlib-object-utils:0.1.2
Springtree » Madlib-Object-Utils » Version: 0.1.3

cpe:2.3:a:springtree:madlib-object-utils:0.1.3
Springtree » Madlib-Object-Utils » Version: 0.1.4

cpe:2.3:a:springtree:madlib-object-utils:0.1.4
Springtree » Madlib-Object-Utils » Version: 0.1.5

cpe:2.3:a:springtree:madlib-object-utils:0.1.5
Springtree » Madlib-Object-Utils » Version: 0.1.6

cpe:2.3:a:springtree:madlib-object-utils:0.1.6
Springtree » Madlib-Object-Utils » Version: 0.1.7

cpe:2.3:a:springtree:madlib-object-utils:0.1.7

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-24279

Products

Pricing

Contact Us