CVE-2022-25354

Summary

The package set-in before 2.0.3 are vulnerable to Prototype Pollution via the setIn method, as it allows an attacker to merge object prototypes into it. Note: This vulnerability derives from an incomplete fix of CVE-2020-28273

Affected Software

VendorProductVersion RangeStatus
n/aset-inunspecified < 2.0.3affected

Weaknesses

  • Prototype Pollution

ADP Enrichment

CVE Program Container

Additional References

References