Main Vulnerability Database SB2020122923

SB2020122923 - Improper Control of Dynamically-Managed Code Resources in lukeed dset

Published: December 29, 2020 Updated: June 29, 2022

Security Bulletin ID SB2020122923

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper Control of Dynamically-Managed Code Resources (CVE-ID: CVE-2020-28277)

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to prototype pollution in dset. A remote unauthenticated attacker can cause a denial of service and may lead to remote code execution.

Remediation

Install update from vendor's website.

References

https://github.com/lukeed/dset/blob/50a6ead172d1466a96035eff00f8eb465ccd050a/src/index.js#L6
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2020-28277