Severity: high

    Prototype Pollution

    dot-prop

    Overview

    Versions of dot-prop before 4.2.1 or 5.1.1 are vulnerable to prototype pollution. The set function does not restrict modification of an Object's prototype, which may allow an attacker to add a property, or modify an existing one, that will then exist on all objects.
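
    The mechanism described above, as an added example that is not dot-prop's own code: a naive dot-path setter beside a hardened one that rejects prototype-reaching segments. The names setUnsafe, setSafe, BLOCKED and demo are hypothetical, and the input path is constructed.

```javascript
// Added illustration, not dot-prop's source; setUnsafe/setSafe/demo are hypothetical names.
// Naive dot-path setter: walks every segment with no filtering.
function setUnsafe(obj, path, value) {
  const keys = path.split('.');
  let cur = obj;
  for (let i = 0; i < keys.length - 1; i++) {
    const k = keys[i];
    if (typeof cur[k] !== 'object' || cur[k] === null) cur[k] = {};
    cur = cur[k]; // for "__proto__" this is Object.prototype
  }
  cur[keys[keys.length - 1]] = value;
  return obj;
}

// Hardened variant: refuse any path segment that can reach a prototype.
const BLOCKED = new Set(['__proto__', 'prototype', 'constructor']);

function setSafe(obj, path, value) {
  const keys = path.split('.');
  if (keys.some((k) => BLOCKED.has(k))) return obj; // drop the write
  let cur = obj;
  for (let i = 0; i < keys.length - 1; i++) {
    const k = keys[i];
    // Descend only into own properties, never inherited ones.
    const own = Object.prototype.hasOwnProperty.call(cur, k);
    if (!own || typeof cur[k] !== 'object' || cur[k] === null) cur[k] = {};
    cur = cur[k];
  }
  cur[keys[keys.length - 1]] = value;
  return obj;
}

// Constructed input: a path as it might arrive in untrusted data.
function demo() {
  const path = '__proto__.polluted';
  setUnsafe({}, path, true);
  const afterUnsafe = ({}).polluted === true; // a fresh, unrelated object is affected
  delete Object.prototype.polluted;           // undo before the next check
  setSafe({}, path, true);
  const afterSafe = ({}).polluted === true;
  const normal = setSafe({}, 'a.b.c', 1).a.b.c; // ordinary paths still work
  return { afterUnsafe, afterSafe, normal };
}

console.log(demo());
```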

    Remediation

    Upgrade to version 4.2.1, 5.1.1 or later.


    Advisory timeline

    1. Advisory published: Jul 29th, 2020
    2. Reported by Siwoo Mun: Oct 14th, 2019