Description
All versions of getsetdeep are vulnerable to prototype pollution. The setDeep() function does not restrict the modification of an Object’s prototype, which may allow an attacker to add or modify an existing property that will exist on all objects.
Recommendation
No fix is available yet. Followings are affected versions:
- >= 0.0.0
References
Related Issues
- @thi.ng/paths Prototype Pollution vulnerability - CVE-2024-29650
- tough-cookie Prototype Pollution vulnerability - CVE-2023-26136
- angular Prototype Pollution vulnerability - CVE-2019-10768
- Prototype Pollution in lodash.mergewith - Vulnerability
You might also like:
- Tags:
- npm
- getsetdeep
Anything's wrong? Let us know Last updated on January 09, 2023


