Irrelon/irrelon-path

Irrelon/irrelon-path

GitHubGitHub
GitHubgithub.com
Releases0
Stars6
A powerful JSON path processor. Allows you to drill into JSON objects with a simple dot-delimited path format e.g. "obj.name"
Log in to subscribe

CVE History

CVEPublishedCVSS v3CVSS v2
CVE-2020-7708
9.8 CRITICAL7.5 HIGH

The package irrelon-path before 4.7.0; the package @irrelon/path before 4.7.0 are vulnerable to Prototype Pollution via the set, unSet, pushVal and pullVal functions.