arupex (>=0.4.0 <=0.4.4), captain-ahab (=1.0.0) +11 more potentially affected by unknown CVE via deep-setter (=1.0.2)

deep-setter NPM version =1.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on deep-setter and may be impacted: - arupex =0.4.0, =2.3.4, =3.0.0, =1.0.0, =1.0.0, =0.0.1, =1.0.0, =1.0.18, =0.0.7, =0.0.1, =0.0.6 Source cves: unknown CVE Source advisory:...

GHSA-9QRG-H9G8-C65Q Prototype Pollution in deep-setter

All versions of deep-setter are vulnerable to prototype pollution. The package does not restrict the modification of an Object's prototype, which may allow an attacker to add or modify an existing property that will exist on all objects. Recommendation No fix is currently available. Consider usin...

Prototype Pollution in deep-setter

All versions of deep-setter are vulnerable to prototype pollution. The package does not restrict the modification of an Object's prototype, which may allow an attacker to add or modify an existing property that will exist on all objects. Recommendation No fix is currently available. Consider usin...

Prototype Pollution

Overview All versions of deep-setter are vulnerable to prototype pollution. The package does not restrict the modification of an Object's prototype, which may allow an attacker to add or modify an existing property that will exist on all objects. Recommendation No fix is currently available...