Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Prototype Pollution
Vulnerability Description
The package object-path-set before 1.0.2 are vulnerable to Prototype Pollution via the setPath method, as it allows an attacker to merge object prototypes into it. *Note:* This vulnerability derives from an incomplete fix in https://security.snyk.io/vuln/SNYK-JS-OBJECTPATHSET-607908
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
N/A
Vulnerability Title
object-path 安全漏洞
Vulnerability Description
object-path是个人开发者的一个可以通过路径访问数据结构中变量的 Npm 库。 object-path-set 1.0.2之前版本存在安全漏洞,该漏洞源于软件很容易通过setPath方法受到Prototype Pollution的攻击,允许攻击者可利用该漏洞将对象原型合并到包中。
CVSS Information
N/A
Vulnerability Type
N/A