CVE-2023-26132

Published June 10th, 2023

View on NVD ↗

CVSS v3

7.5

HIGH

CVSS v2

N/A

Affected

PROJECT

Description

Versions of the package dottie before 2.0.4 are vulnerable to Prototype Pollution due to insufficient checks, via the set() function and the current variable in the /dottie.js file.

mickhansen/dottie.js

Fast and safe nested object access and manipulation in JavaScript

GitHub

256