24 matches found
CVE-2020-7715
CVE-2020-7715 affects the npm package deep-get-set . The vulnerability is a prototype pollution flaw in the main function, arising from an incomplete fix, allowing an attacker to pollute Object.prototype (e.g., via the key path "proto " or related paths). Affected versions are those before the re...
CVE-2020-7715 Prototype Pollution
All versions of package deep-get-set are vulnerable to Prototype Pollution via the main function...
PT-2020-19737 · Npm · Deep-Get-Set
Name of the Vulnerable Software and Affected Versions: deep-get-set versions prior to 1.1.1 Description: The issue concerns Prototype Pollution via the main function. Recommendations: For versions prior to 1.1.1, update to version 1.1.1 or later to resolve the issue...
Prototype Pollution
Overview deep-get-set is a Set and get values on objects via dot-notation strings. Affected versions of this package are vulnerable to Prototype Pollution via the main function. POC: const deep = require'deep-get-set'; deep, 'proto', 'polluted', true; console.logpolluted; Details Prototype...