Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNoODItZ3FoNi05eGo5

Prototype Pollution in get-setter

All versions of get-setter are vulnerable to prototype pollution. The function set does not restrict the modification of an Object's prototype, which may allow an attacker to add or modify an existing property that will exist on all objects.

Recommendation

No fix is currently available. Consider using an alternative package until a fix is made available.

Permalink: https://github.com/advisories/GHSA-ch82-gqh6-9xj9
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNoODItZ3FoNi05eGo5
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 3 years ago
Updated: 11 months ago

Identifiers: GHSA-ch82-gqh6-9xj9
References:

Affected Packages

npm:get-setter

Versions: >= 0.0.0
No known fixed version