PT-2020-2798 · Sds · Sds

Published: 2020-04-01 · Updated: 2022-12-02 · CVE-2020-7618

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions: sds versions 0.0.0 through 3.2.0

Description: The issue is a Prototype Pollution weakness. The library can be tricked into adding or modifying properties of Object.prototype by abusing the set function located in js/set.js, because user-provided data is not sufficiently sanitized. The set function does not restrict modification of an object's prototype, so an attacker may add or modify a property that then exists on all objects. Exploitation of this issue may allow an attacker to execute arbitrary code.

Recommendations: Upgrade to version 4.0.0 or later. As a temporary workaround, consider restricting access to the set function in js/set.js to minimize the risk of exploitation, and avoid using the set function until the issue is resolved.
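As an added illustration of the weakness class this advisory describes (example code written for this page, not sds's own js/set.js): a hypothetical unchecked path-based setter, `naiveSet`, uses every path segment as a key, so a `__proto__` segment walks into Object.prototype and writes there. Beside it, `safeSet` refuses the prototype-bearing keys and only descends into own, plain-object properties. The function names, the dotted-path syntax and the sample inputs are assumptions; the same guard applies to any deep-set helper that takes attacker-influenced paths.

```javascript
// Keys that, used as a path segment, reach a prototype instead of own data.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Hypothetical unchecked deep setter (the vulnerable pattern).
// "__proto__.polluted" walks into Object.prototype because obj.__proto__
// is never undefined; "constructor.prototype.polluted" gets there too.
function naiveSet(obj, path, value) {
  const keys = path.split('.');
  let cur = obj;
  for (let i = 0; i < keys.length - 1; i++) {
    if (cur[keys[i]] === undefined) cur[keys[i]] = {};
    cur = cur[keys[i]];
  }
  cur[keys[keys.length - 1]] = value;
  return obj;
}

// Hardened deep setter: reject prototype-bearing segments up front, then
// only descend into the target's own plain-object properties.
function safeSet(obj, path, value) {
  const keys = Array.isArray(path) ? path : String(path).split('.');
  for (const k of keys) {
    if (FORBIDDEN_KEYS.has(k)) {
      throw new TypeError(`refusing to set prototype-bearing key "${k}"`);
    }
  }
  let cur = obj;
  for (let i = 0; i < keys.length - 1; i++) {
    const k = keys[i];
    // The own-property check alone is not enough: assigning to "__proto__"
    // invokes the prototype setter rather than creating an own property,
    // which is why the key filter above is the primary defence.
    const isOwnObject =
      Object.prototype.hasOwnProperty.call(cur, k) &&
      typeof cur[k] === 'object' &&
      cur[k] !== null;
    if (!isOwnObject) cur[k] = {};
    cur = cur[k];
  }
  cur[keys[keys.length - 1]] = value;
  return obj;
}

// Defender-side check: does a fresh object carry the given property because
// a shared prototype was modified?
function isPrototypePolluted(prop) {
  return ({})[prop] !== undefined;
}

if (typeof require !== 'undefined' && require.main === module) {
  // Constructed sample input, the path an untrusted caller might supply.
  const untrustedPath = '__proto__.polluted';
  try {
    safeSet({}, untrustedPath, true);
  } catch (e) {
    console.log('safeSet rejected it:', e.message);
  }
  console.log('polluted after safeSet?', isPrototypePolluted('polluted')); // false
  naiveSet({}, untrustedPath, true);
  console.log('polluted after naiveSet?', isPrototypePolluted('polluted')); // true
  delete Object.prototype.polluted; // clean up the demonstration
}
```

The key filter is the load-bearing part: `hasOwnProperty` descent keeps a setter from following an inherited property, but assignment to `__proto__` goes through the accessor on Object.prototype, so the segment has to be refused before any write happens. Building target objects with `Object.create(null)` or freezing Object.prototype are complementary mitigations for code that cannot be upgraded yet.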

Exploit · Fix

Tags: Code Injection · Prototype Pollution

Weakness Enumeration

Related Identifiers

BDU:2020-02926
CVE-2020-7618
GHSA-CXM3-284P-QC4V
GHSA-PH28-WWFJ-FV7F
SNYK-JS-SDS-564123

Affected Products

Sds