EPSS
Percentile
69.0%
libnested is vulnerable to prototype pollution. An attacker can inject properties into existing construct prototypes via the set function in the index.js and modify attributes such as __proto__, constructor, and prototype.
set
index.js
__proto__
constructor
prototype
github.com/advisories/GHSA-x5m8-2r8v-8f97
github.com/dominictarr/libnested/blob/master/index.js%23L22
github.com/dominictarr/libnested/commit/c1129865d75fbe52b5a4f755ad3110ca5420f2e1