underscore-keypath@0.9.2 vulnerabilities

Adds Key-Path mechanism extensions for underscore

Direct Vulnerabilities

Known vulnerabilities in the underscore-keypath package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Prototype Pollution

underscore-keypath is a mechanism extensions for underscore (mixin).

underscore-keypath let you access JavaScript objects and arrays with keypath easily.

Affected versions of this package are vulnerable to Prototype Pollution via the name argument of the setProperty() function. Exploiting this vulnerability is possible due to improper input sanitization which allows the usage of arguments like “__proto__”.

How to fix Prototype Pollution?

There is no fixed version for underscore-keypath.

>=0.0.11