@strikeentco/set@1.0.1 vulnerabilities

Set nested values on an object using a dot path or custom separator

Direct Vulnerabilities

Known vulnerabilities in the @strikeentco/set package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Prototype Pollution

Affected versions of this package are vulnerable to Prototype Pollution. It allows an attacker to cause a denial of service and may lead to remote code execution.

Note: This vulnerability derives from an incomplete fix in https://security.snyk.io/vuln/SNYK-JS-STRIKEENTCOSET-1038821

How to fix Prototype Pollution?

Upgrade @strikeentco/set to version 1.0.2 or higher.