EPSS
Percentile
80.7%
object-path-set is vulnerable to prototype pollution. An attacker can inject properties into existing construct prototypes via the isValidKey function of index.js and modify attributes such as __proto__, constructor, and prototype.
isValidKey
index.js
__proto__
constructor
prototype
github.com/advisories/GHSA-h6pr-c536-6rjg
github.com/skratchdot/object-path-set/blob/577f5299fed15bb9edd11c940ff3cf0b9f4748d5/index.js%23L8
github.com/skratchdot/object-path-set/commit/2d67a714159c4099589b6661fa84e6d2adc31761