A vulnerability, which was classified as critical, was found in dset up to 3.1.3. Affected is the function dset. The manipulation leads to improperly controlled modification of object prototype attributes (‘prototype pollution’).

This vulnerability is traded as CVE-2024-21529. It is possible to launch the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.