0.006 Low
EPSS
Percentile
77.9%
doc-path is vulnerable to prototype pollution. An attacker is able to inject arbitrary properties into existing construct prototypes and modify attributes such as __proto__, constructor and prototype.
__proto__
constructor
prototype
github.com/mrodrig/doc-path/blob/2.1.2/src/path.js#L55-L69
github.com/mrodrig/doc-path/blob/stable/src/path.js%23L54
github.com/mrodrig/doc-path/commit/3e2bb168cf303bffcd7fae5f8d05e5300c1541c7