0.006 Low
EPSS
Percentile
78.7%
flat is vulnerable to prototype pollution. The vulnerability exists in the unflatten function of index.js, due to the improper checks for the key1 variable which allows an attacker to modify object prototype attributes.
unflatten
index.js
key1
github.com/hughsk/flat/commit/20ef0ef55dfa028caddaedbcb33efbdb04d18e13
github.com/hughsk/flat/issues/105
github.com/hughsk/flat/pull/106
github.com/hughsk/flat/releases/tag/5.0.1
vuldb.com/?ctiid.216777
vuldb.com/?id.216777