deep-get-set is vulnerable to prototype pollution. The vulnerability exists as the main
function does not restrict __proto__
, constructor
and prototype
headers to be set in objects.
CPE | Name | Operator | Version |
---|---|---|---|
deep-get-set | le | 1.0.0 | |
deep-get-set | le | 1.1.0 | |
deep-get-set | le | 1.0.0 | |
deep-get-set | le | 1.1.0 |