jonschlinkert/expand-object

Releases8

Frequency1 week 5 days

Last Release almost 11 years ago

Stars26

Expand a string into a JavaScript object using a simple notation.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-3197 ↗	Apr 4, 2025Friday, 4 April 2025, 05:15	7.3 HIGH	—
Versions of the package expand-object from 0.0.0 are vulnerable to Prototype Pollution in the expand() function in index.js. This function expands the given string into an object and allows a nested property to be set without checking the provided keys for sensitive properties like __proto__.