deep-get-set is used to set and obtain values on objects via dotted strings. deep-get-set package in all versions suffers from a prototype pollution vulnerability that stems from the vulnerability of products to uncontrolled modification of object prototype properties. An attacker could exploit this vulnerability to override the JavaScript application object prototype.