Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZmaDUtOHdxOC13M3dy

Prototype Pollution in unflatten

All versions of unflatten are vulnerable to prototype pollution. The function unflatten does not restrict the modification of an Object's prototype, which may allow an attacker to add or modify an existing property that will exist on all objects.

Recommendation

No fix is currently available. Consider using an alternative package until a fix is made available.

Permalink: https://github.com/advisories/GHSA-6fh5-8wq8-w3wr
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZmaDUtOHdxOC13M3dy
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 3 years ago
Updated: over 1 year ago

Identifiers: GHSA-6fh5-8wq8-w3wr
References:

Blast Radius: 0.0

Affected Packages

npm:unflatten

Dependent packages: 13
Dependent repositories: 17
Downloads: 13,804 last month
Affected Version Ranges: >= 0.0.0
No known fixed version
All affected versions: 0.0.1, 0.0.2, 1.0.2, 1.0.3, 1.0.4