PT-2024-18943 · Dset · Dset

Tariq Hawis · Published 2024-09-11 · Updated 2024-09-11 · CVE-2024-21529

CVSS v4.0: 8.8 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: dset versions prior to 3.1.4

Description: The issue arises from improper sanitization of user input in the dset function, which allows an attacker to inject malicious object properties through the built-in __proto__ property of Object. Because dset walks a user-supplied key path and creates or assigns nested properties along it, a path that passes through __proto__ writes onto Object.prototype, so the injected properties are inherited by every object in the program (prototype pollution).

Recommendations: For versions prior to 3.1.4, update to version 3.1.4 or later to resolve the issue. As a temporary workaround, restrict user input so that untrusted key paths cannot reach the dset function until the patch is applied; in particular, do not allow the __proto__ property in paths passed to dset, to minimize the risk of prototype pollution.

Fix

Weakness Enumeration: Prototype Pollution

Related Identifiers: CVE-2024-21529, GHSA-F6V4-CF5J-VF3W

Affected Products: Dset