Description
This affects the package @strikeentco/set before 1.0.2. It allows an attacker to cause a denial of service and may lead to remote code execution. **Note:** This vulnerability derives from an incomplete fix in https://security.snyk.io/vuln/SNYK-JS-STRIKEENTCOSET-1038821
Remediation
References
https://github.com/strikeentco/set/commit/b2f942c
https://snyk.io/blog/remediate-javascript-type-confusion-bypassed-input-validation/
https://snyk.io/vuln/SNYK-JS-STRIKEENTCOSET-2385945
Related Vulnerabilities
CVE-2023-46122 Vulnerability in maven package org.scala-sbt:sbt
CVE-2021-42567 Vulnerability in maven package org.apereo.cas:cas-server-core-services
CVE-2023-6460 Vulnerability in npm package @google-cloud/firestore
CVE-2020-7749 Vulnerability in npm package osm-static-maps
CVE-2022-2564 Vulnerability in maven package org.webjars.npm:mongoose