dotty@0.1.0 vulnerabilities
Access properties of nested objects using dot-path notation
-
latest version
0.1.2
-
latest non vulnerable version
-
first published
12 years ago
-
latest version published
3 years ago
-
licenses detected
- >=0.1.0
Direct Vulnerabilities
Known vulnerabilities in the dotty package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
dotty is a package that can access properties of nested objects using dot-path notation. Affected versions of this package are vulnerable to Prototype Pollution. A type confusion vulnerability can lead to a bypass of CVE-2021-25912 when the user-provided keys used in the PoC
How to fix Prototype Pollution? Upgrade |
<0.1.2
|
dotty is a package that can access properties of nested objects using dot-path notation. Affected versions of this package are vulnerable to Prototype Pollution. The How to fix Prototype Pollution? Upgrade |
<0.1.1
|