Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package dset, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (3)
CVE-2020-28277 — CVSS 9.8 (critical): Prototype pollution vulnerability in 'dset' versions 1.0.0 through 2.0.1 allows attacker to cause a denial of service and may lead to…
CVE-2024-21529 — CVSS 8.2 (high): Versions of the package dset before 3.1.4 are vulnerable to Prototype Pollution via the dset function due improper user input sanitization…
CVE-2022-25645 — CVSS 6.5 (medium): All versions of package dset are vulnerable to Prototype Pollution via 'dset/merge' mode, as the dset function checks for prototype…