dot-object before 2.1.3 is vulnerable to Prototype Pollution. The set function could be tricked into adding or modifying properties of Object.prototype using a proto payload.
CPE | Name | Operator | Version |
---|---|---|---|
dot-object | eq | 0.7.0 | |
dot-object | eq | 1.6.0 | |
dot-object | eq | 0.9.0 | |
dot-object | eq | 1.0.0 | |
dot-object | eq | 0.2.0 | |
dot-object | eq | 0.10.0 | |
dot-object | eq | 0.2.1 | |
dot-object | eq | 1.3.0 | |
dot-object | eq | 0.8.0 | |
dot-object | eq | 1.5.0 |