@clickbar/dot-diver@1.0.0 vulnerabilities

Types and utilities to access object properties by dot notation.

latest version

1.0.6
latest non vulnerable version

1.0.6
first published

a year ago
latest version published

2 months ago
licenses detected
- MIT
  >=0
View @clickbar/dot-diver package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the @clickbar/dot-diver package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H Prototype Pollution @clickbar/dot-diver is a Types and utilities to access object properties by dot notation. Affected versions of this package are vulnerable to Prototype Pollution in the `setByPath` function. An attacker can manipulate the prototype of an object and inject arbitrary properties into existing JavaScript objects by passing a malicious object. How to fix Prototype Pollution? Upgrade `@clickbar/dot-diver` to version 1.0.3 or higher.	<1.0.3

Prototype Pollution

@clickbar/dot-diver is a Types and utilities to access object properties by dot notation.

Affected versions of this package are vulnerable to Prototype Pollution in the setByPath function. An attacker can manipulate the prototype of an object and inject arbitrary properties into existing JavaScript objects by passing a malicious object.

How to fix Prototype Pollution?

Upgrade @clickbar/dot-diver to version 1.0.3 or higher.

<1.0.3

Go back to all versions of this package

@clickbar/dot-diver@1.0.0 vulnerabilities

Types and utilities to access object properties by dot notation.

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities