Severity: high

Prototype Pollution

dot-prop

Overview

Versions of dot-prop before 4.2.1 or 5.1.1 are vulnerable to prototype pollution. The set() function does not restrict modification of an Object's prototype, which may allow an attacker to add a property, or modify an existing one, that will then exist on all objects.
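The missing restriction described above, shown as an added example that is not dot-prop's own code: naiveSet, safeSet, pollutes and the constructedFlag property are hypothetical names. The block-list of `__proto__`, `constructor` and `prototype` is one common mitigation, assumed here rather than taken from the patched releases.

```javascript
// Added example: NOT dot-prop's source. Hypothetical helpers that mimic a
// dot-path setter to show the missing restriction and one way to add it.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Unrestricted setter: walks every path segment, including segments that
// resolve through the prototype chain instead of the object's own keys.
function naiveSet(target, path, value) {
  const keys = path.split('.');
  let node = target;
  for (const key of keys.slice(0, -1)) {
    if (typeof node[key] !== 'object' || node[key] === null) node[key] = {};
    node = node[key];
  }
  node[keys[keys.length - 1]] = value;
  return target;
}

// Hardened setter: rejects prototype-reaching segments and only descends
// into properties the object itself owns.
function safeSet(target, path, value) {
  const keys = path.split('.');
  if (keys.some((key) => BLOCKED_KEYS.has(key))) {
    throw new TypeError(`refusing prototype-reaching segment in "${path}"`);
  }
  let node = target;
  for (const key of keys.slice(0, -1)) {
    const own = Object.prototype.hasOwnProperty.call(node, key);
    if (!own || typeof node[key] !== 'object' || node[key] === null) {
      node[key] = {};
    }
    node = node[key];
  }
  node[keys[keys.length - 1]] = value;
  return target;
}

// Regression check: run a setter on a constructed path, report whether an
// unrelated fresh object picked up the property, then clean up.
function pollutes(setter) {
  try {
    setter({}, '__proto__.constructedFlag', true);
  } catch (err) {
    // A hardened setter is expected to throw here.
  }
  const leaked = ({}).constructedFlag === true;
  delete Object.prototype.constructedFlag;
  return leaked;
}
```

A check like pollutes() can be kept as a regression test around any path-based setter, including after the dependency is upgraded.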

Remediation

Upgrade to version 4.2.1, 5.1.1 or later.


Advisory timeline

  1. Advisory Published: Jul 29th, 2020
  2. Reported by Siwoo Mun: Oct 14th, 2019