An open API service providing security vulnerability metadata for many open source software ecosystems.

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo5Y2YtcHIyeC01Mjcz

Moderate. EPSS: 0.00352% (0.56766 Percentile)

Prototype Pollution in dot-object

Affected Packages: npm:dot-object
Affected Versions: < 2.1.3
Fixed Versions: 2.1.3
531 Dependent packages
11,286 Dependent repositories
1,867,028 Downloads last month

Affected Version Ranges

All affected versions

0.3.0, 0.4.0, 0.4.1, 0.5.0, 0.6.0, 0.7.0, 0.8.0, 0.8.1, 0.9.0, 0.9.1, 0.9.2, 0.9.3, 0.10.0, 0.11.0, 1.0.0, 1.0.1, 1.1.0, 1.2.0, 1.3.0, 1.3.1, 1.4.0, 1.4.1, 1.5.0, 1.5.1, 1.5.2, 1.5.3, 1.5.4, 1.6.0, 1.7.0, 1.7.1, 1.8.0, 1.8.1, 1.9.0, 2.0.0, 2.1.0, 2.1.1, 2.1.2

All unaffected versions

2.1.3, 2.1.4, 2.1.5

dot-object before 2.1.3 is vulnerable to Prototype Pollution. The set function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload.
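
The bug class described above, shown as an added example that is not dot-object's own code: a naive dotted-path setter next to a guarded one that rejects prototype-reaching segments. The names setPath, setPathGuarded and BLOCKED_KEYS are hypothetical, and the path string is constructed sample input.

```javascript
// Added illustration; setPath/setPathGuarded are hypothetical names, not dot-object's API.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Naive dotted-path setter: walks or creates each segment with no key checks.
function setPath(target, path, value) {
  const keys = path.split('.');
  let node = target;
  for (const key of keys.slice(0, -1)) {
    if (typeof node[key] !== 'object' || node[key] === null) node[key] = {};
    node = node[key]; // "__proto__" resolves to Object.prototype here
  }
  node[keys[keys.length - 1]] = value;
  return target;
}

// Guarded variant: rejects unsafe segments and only descends into own properties.
function setPathGuarded(target, path, value) {
  const keys = path.split('.');
  if (keys.some((k) => BLOCKED_KEYS.has(k))) {
    throw new Error(`refusing unsafe path segment in "${path}"`);
  }
  let node = target;
  for (const key of keys.slice(0, -1)) {
    const own = Object.prototype.hasOwnProperty.call(node, key);
    if (!own || typeof node[key] !== 'object' || node[key] === null) node[key] = {};
    node = node[key];
  }
  node[keys[keys.length - 1]] = value;
  return target;
}

// Runs both setters on one constructed path and reports whether Object.prototype changed.
function demo() {
  const path = '__proto__.polluted'; // constructed sample input
  const result = { naivePolluted: false, guardedRejected: false, guardedPolluted: false };
  try {
    setPath({}, path, true);
    result.naivePolluted = ({}).polluted === true; // unrelated objects now inherit the key
  } finally {
    delete Object.prototype.polluted; // undo the side effect before continuing
  }
  try {
    setPathGuarded({}, path, true);
  } catch (e) {
    result.guardedRejected = true;
  }
  result.guardedPolluted = ({}).polluted === true;
  return result;
}
```

For code that depends on dot-object itself, the remediation stated on this page is to upgrade to 2.1.3 or later.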

References: