VulnerableCode Package Details - pkg:npm/set-value@3.0.1

Search for packages

Vulnerability	Summary	Fixed by
VCID-eq42-z92a-ffet Aliases: CVE-2021-23440 GHSA-4jqc-8m5r-9rpr	Access of Resource Using Incompatible Type (Type Confusion) This affects the package set-value A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays.	3.0.3 Affected by 0 other vulnerabilities. 4.0.1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-eq42-z92a-ffet
Aliases:
CVE-2021-23440
GHSA-4jqc-8m5r-9rpr

Access of Resource Using Incompatible Type (Type Confusion) This affects the package set-value A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays.

3.0.3
Affected by 0 other vulnerabilities.

4.0.1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-cu35-t78a-wfcj	Prototype Pollution in set-value Versions of `set-value` prior to 3.0.1 or 2.0.1 are vulnerable to Prototype Pollution. The `set` function fails to validate which Object properties it updates. This allows attackers to modify the prototype of Object, causing the addition or modification of an existing property on all objects. ## Recommendation If you are using `set-value` 3.x, upgrade to version 3.0.1 or later. If you are using `set-value` 2.x, upgrade to version 2.0.1 or later.	CVE-2019-10747 GHSA-4g88-fppr-53pp

Vulnerability

Summary

Aliases

VCID-cu35-t78a-wfcj

Prototype Pollution in set-value Versions of `set-value` prior to 3.0.1 or 2.0.1 are vulnerable to Prototype Pollution. The `set` function fails to validate which Object properties it updates. This allows attackers to modify the prototype of Object, causing the addition or modification of an existing property on all objects. ## Recommendation If you are using `set-value` 3.x, upgrade to version 3.0.1 or later. If you are using `set-value` 2.x, upgrade to version 2.0.1 or later.

CVE-2019-10747
GHSA-4g88-fppr-53pp

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T21:30:59.761706+00:00	GitLab Importer	Affected by	VCID-eq42-z92a-ffet	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/set-value/CVE-2021-23440.yml	38.4.0
2026-04-16T20:56:55.525890+00:00	GitLab Importer	Fixing	VCID-cu35-t78a-wfcj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/set-value/CVE-2019-10747.yml	38.4.0
2026-04-11T22:44:07.781378+00:00	GitLab Importer	Affected by	VCID-eq42-z92a-ffet	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/set-value/CVE-2021-23440.yml	38.3.0
2026-04-11T22:07:56.987627+00:00	GitLab Importer	Fixing	VCID-cu35-t78a-wfcj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/set-value/CVE-2019-10747.yml	38.3.0
2026-04-02T22:54:11.274804+00:00	GitLab Importer	Affected by	VCID-eq42-z92a-ffet	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/set-value/CVE-2021-23440.yml	38.1.0
2026-04-02T22:20:41.806096+00:00	GitLab Importer	Fixing	VCID-cu35-t78a-wfcj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/set-value/CVE-2019-10747.yml	38.1.0
2026-04-01T17:12:26.473510+00:00	GitLab Importer	Affected by	VCID-eq42-z92a-ffet	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/set-value/CVE-2021-23440.yml	38.0.0
2026-04-01T16:38:28.005017+00:00	GitLab Importer	Fixing	VCID-cu35-t78a-wfcj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/set-value/CVE-2019-10747.yml	38.0.0
2026-04-01T15:57:39.624031+00:00	GHSA Importer	Fixing	VCID-cu35-t78a-wfcj	https://github.com/advisories/GHSA-4g88-fppr-53pp	38.0.0
2026-04-01T13:04:27.176937+00:00	GithubOSV Importer	Fixing	VCID-cu35-t78a-wfcj	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/08/GHSA-4g88-fppr-53pp/GHSA-4g88-fppr-53pp.json	38.0.0