CVE-2023-26139

underscore-keypath packages of version 0.0.11 and later are affected by a Prototype Pollution vulnerability in the setProperty() function via the name argument. Improper input sanitization allows strings such as proto to contaminate object prototypes, with the impact described as potential global...