Prototype Pollution in arr-flatten-unflatten

2021-05-0618:11:39

Google

osv.dev

0.005 Low

EPSS

Percentile

77.0%

All versions of package arr-flatten-unflatten up to and including version 1.1.4 are vulnerable to Prototype Pollution via the constructor.

CPENameOperatorVersion
arr-flatten-unflattenle1.1.4

CPE	Name	Operator	Version
	arr-flatten-unflatten	le	1.1.4

References

github.com/Quernest/arr-flatten-unflatten/commit/cb4351c75f87a4fbec3b6140c40ee2993f574372

github.com/Quernest/arr-flatten-unflatten/pull/8

nvd.nist.gov/vuln/detail/CVE-2020-7713

snyk.io/vuln/SNYK-JS-ARRFLATTENUNFLATTEN-598396

0.005 Low

EPSS

Percentile

77.0%

Related for OSV:GHSA-W8F3-PVX4-4C3H