dob-object is vulnerable to prototype pollution. Lack of object validation allows an attacker to inject arbitrary Object properties which can potentially lead to execution of arbitrary code.
CPE | Name | Operator | Version |
---|---|---|---|
dot-object | le | 2.1.2 | |
dot-object | le | 2.1.2 | |
dot-object | le | 1.5.0 |