2 matches found
CVE-2020-7715
CVE-2020-7715 affects the npm package deep-get-set . The vulnerability is a prototype pollution flaw in the main function, arising from an incomplete fix, allowing an attacker to pollute Object.prototype (e.g., via the key path "proto " or related paths). Affected versions are those before the re...
CVE-2022-21231
CVE-2022-21231 affects the deep-get-set package; all versions are vulnerable to prototype pollution via the deep function. The vulnerability stems from an incomplete fix of CVE-2020-7715. The available references describe the issue as a prototype pollution risk that could allow modification of Ob...