CVE-2020-28273

moderate-risk
Published 2020-12-02

Prototype pollution vulnerability in 'set-in' versions 1.0.0 through 2.0.0 allows attacker to cause a denial of service and may lead to remote code execution.

Do I need to act?

~
3.9% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
+
Fix available
Upgrade to: e431effa00195a6f06b111e09733cd1445a91a88
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Set-In

Affected Vendors

Set-In Project

References (6)

Patch https://github.com/ahdinosaur/set-in/commit/e431effa00195a6f06b111e09733cd1445a9...
Third Party Advisory https://www.whitesourcesoftware.com/vulnerability-database
Exploit https://www.whitesourcesoftware.com/vulnerability-database/CVE-2020-28273
Patch https://github.com/ahdinosaur/set-in/commit/e431effa00195a6f06b111e09733cd1445a9...
Third Party Advisory https://www.whitesourcesoftware.com/vulnerability-database
Exploit https://www.whitesourcesoftware.com/vulnerability-database/CVE-2020-28273
44
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 7/34 · Low
Exposure 5/34 · Minimal