set-or-get@1.1.0 vulnerabilities

Sets or gets an object field value.

latest version

1.2.11
latest non vulnerable version

1.2.11
first published

9 years ago
latest version published

3 years ago
licenses detected
- MIT
  >=0
View set-or-get package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the set-or-get package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H Prototype Pollution set-or-get is a Sets or gets an object field value. Affected versions of this package are vulnerable to Prototype Pollution. There is an absence of validation in the `field` and `def` arguments. This allows an attacker to supply a malicious value by adjusting the `field` value to include the `__proto__` property. Since there is no validation before assigning property to check whether the assigned `field` is the `Object`'s own property or not, the property `isAdmin` will be directly assigned to the empty obj (`{}`), and by that polluting the `Object` prototype. If there is a check to validate `isAdmin`, the value would be substituted as `true` as it had been polluted. How to fix Prototype Pollution? Upgrade `set-or-get` to version 1.2.11 or higher.	>=1.0.0 <1.2.11

Prototype Pollution

set-or-get is a Sets or gets an object field value.

Affected versions of this package are vulnerable to Prototype Pollution. There is an absence of validation in the field and def arguments. This allows an attacker to supply a malicious value by adjusting the field value to include the __proto__ property. Since there is no validation before assigning property to check whether the assigned field is the Object's own property or not, the property isAdmin will be directly assigned to the empty obj ({}), and by that polluting the Object prototype. If there is a check to validate isAdmin, the value would be substituted as true as it had been polluted.

How to fix Prototype Pollution?

Upgrade set-or-get to version 1.2.11 or higher.

>=1.0.0 <1.2.11

Go back to all versions of this package

set-or-get@1.1.0 vulnerabilities

Sets or gets an object field value.

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities