deoxxa/dotty

Releases4

Frequency2 years 9 months

Last Release over 5 years ago

Stars126

Access properties of nested objects using dot-path notation

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2021-23624 ↗	Nov 3, 2021Wednesday, 3 November 2021, 18:15	5.6 MEDIUM	7.5 HIGH
This affects the package dotty before 0.1.2. A type confusion vulnerability can lead to a bypass of CVE-2021-25912 when the user-provided keys used in the path parameter are arrays.
CVE-2021-25912 ↗	Feb 2, 2021Tuesday, 2 February 2021, 19:15	9.8 CRITICAL	7.5 HIGH
Prototype pollution vulnerability in 'dotty' versions 0.0.1 through 0.1.0 allows attackers to cause a denial of service and may lead to remote code execution.