CVE-2022-25352 — Prototype Pollution in Project Libnested

CWE-1321 — Prototype Pollution3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

0.5%

top 32.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libnested Project Libnested

Timeline

PublishedMar 17

Latest updateMar 18

Description

The package libnested before 1.5.2 are vulnerable to Prototype Pollution via the set function in index.js. **Note:** This vulnerability derives from an incomplete fix for [CVE-2020-28283](https://security.snyk.io/vuln/SNYK-JS-LIBNESTED-1054930)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDlibnested_project/libnested< 1.5.2

▶npmlibnested_project/libnested< 1.5.2

Patches

Patch: github.com ↗Patch: snyk.io ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

Prototype Pollution in libnested↗2022-03-18

▶

OSV

Prototype Pollution in libnested↗2022-03-18

▶