The package object-path-set before 1.0.2 are vulnerable to Prototype Pollution via the setPath method, as it allows an attacker to merge object prototypes into it. *Note:* This vulnerability derives from an incomplete fix in https://security.snyk.io/vuln/SNYK-JS-OBJECTPATHSET-607908
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: snyk
Published: 2022-02-04T20:05:18.907962Z
Updated: 2024-09-17T03:54:51.495Z
Reserved: 2021-01-08T00:00:00
Link: CVE-2021-23507
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-02-04T20:15:08.467
Modified: 2024-11-21T05:51:48.497
Link: CVE-2021-23507
Redhat
No data.