0.004 Low
EPSS
Percentile
72.6%
fast-json-patch is vulnerable to prototype pollution. The vulnerability exists in the applyOperation function of core.js, due to the improper checks for the key variable which allows an attacker to modify object prototype attributes.
applyOperation
core.js
key
github.com/Starcounter-Jack/JSON-Patch/commit/7ad6af41eabb2d799f698740a91284d762c955c9
github.com/Starcounter-Jack/JSON-Patch/pull/262
github.com/Starcounter-Jack/JSON-Patch/releases/tag/3.1.1
vuldb.com/?ctiid.216778
vuldb.com/?id.216778