GHSA-2M53-83F3-562J Prototype pollution in min-dash

Impact The set method is vulnerable to prototype pollution with specially crafted inputs. javascript // insert the following into poc.js and run node poc,js after installing the package let parser = require"min-dash"; parser.set, "proto", "polluted", "success"; console.logpolluted; Patches...

CVE-2021-23460 Prototype Pollution

The package min-dash before 3.8.1 are vulnerable to Prototype Pollution via the set method due to missing enforcement of key types...