widdershins@3.6.7

Vulnerabilities 1 via 1 paths
Dependencies 148
Source npm
Package widdershins

Find, fix and prevent vulnerabilities in your code.

Severity
  • 1
Status
  • 1
  • 0
  • 0
medium severity

Arbitrary Code Injection

  • Vulnerable module: dot
  • Introduced through: dot@1.1.3

Detailed paths

  • Introduced through: widdershins@3.6.7 dot@1.1.3

Overview

dot is a fastest and concise JavaScript templating function with emphasis on performance under V8 and nodejs. It shows great performance for both nodejs and browsers.

Affected versions of this package are vulnerable to Arbitrary Code Injection. An attacker can inject code to the template, or if a Prototype Pollution-like vulnerability can be exploited to alter an Object's prototype, the template compilation may execute arbitrary commands.

Remediation

There is no fixed version for dot.

References