You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Path to vulnerable library: /node_modules/set-value/package.json
Dependency Hierarchy:
babel-jest-22.0.3.tgz (Root Library)
babel-plugin-istanbul-4.1.6.tgz
test-exclude-4.2.1.tgz
micromatch-3.1.10.tgz
snapdragon-0.8.2.tgz
base-0.11.2.tgz
cache-base-1.0.1.tgz
❌ set-value-2.0.0.tgz (Vulnerable Library)
Found in base branch: master
Vulnerability Details
Mend Note: After conducting further research, Mend has determined that all versions of set-value before versions 2.0.1, 4.0.1 are vulnerable to CVE-2021-23440.
mend-bolt-for-githubbot
changed the title
CVE-2021-23440 (High) detected in set-value-0.4.3.tgz, set-value-2.0.0.tgz
CVE-2021-23440 (Critical) detected in set-value-0.4.3.tgz, set-value-2.0.0.tgz
Dec 18, 2023
CVE-2021-23440 - Critical Severity Vulnerability
Vulnerable Libraries - set-value-0.4.3.tgz, set-value-2.0.0.tgz
set-value-0.4.3.tgz
Create nested values and any intermediaries using dot notation (`'a.b.c'`) paths.
Library home page: https://registry.npmjs.org/set-value/-/set-value-0.4.3.tgz
Path to dependency file: /wagtail/package.json
Path to vulnerable library: /node_modules/union-value/node_modules/set-value/package.json
Dependency Hierarchy:
set-value-2.0.0.tgz
Create nested values and any intermediaries using dot notation (`'a.b.c'`) paths.
Library home page: https://registry.npmjs.org/set-value/-/set-value-2.0.0.tgz
Path to dependency file: /wagtail/package.json
Path to vulnerable library: /node_modules/set-value/package.json
Dependency Hierarchy:
Found in base branch: master
Vulnerability Details
Mend Note: After conducting further research, Mend has determined that all versions of set-value before versions 2.0.1, 4.0.1 are vulnerable to CVE-2021-23440.
Publish Date: 2021-09-12
URL: CVE-2021-23440
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://www.huntr.dev/bounties/2eae1159-01de-4f82-a177-7478a408c4a2/
Release Date: 2021-09-12
Fix Resolution (set-value): 2.0.1
Direct dependency fix Resolution (babel-jest): 22.0.4
Fix Resolution (set-value): 2.0.1
Direct dependency fix Resolution (babel-jest): 22.0.4
Step up your Open Source Security Game with Mend here
The text was updated successfully, but these errors were encountered: