deep-get-set is vulnerable to prototype pollution. The vulnerability exists due to an incomplete fix of CVE-2020-7715, allowing an attacker to get control of value of “deep” and modify attributes such as __proto__
, constructor
and prototype
. .
CPE | Name | Operator | Version |
---|---|---|---|
deep-get-set | eq | 1.1.1 | |
deep-get-set | eq | 1.1.1 |