expand-object@0.3.7 vulnerabilities

Expand a string into a JavaScript object using a simple notation. Use the CLI or as a node.js lib.

latest version

0.4.2

first published

10 years ago

latest version published

9 years ago

licenses detected

MIT
>=0

View expand-object package health on Snyk Advisor (opens in a new tab)

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the expand-object package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M Prototype Pollution expand-object is an Expand a string into a JavaScript object using a simple notation. Use the CLI or as a node.js lib. Affected versions of this package are vulnerable to Prototype Pollution in the `expand()` function in `index.js`. This function expands the given string into an object and allows a nested property to be set without checking the provided keys for sensitive properties like `__proto__`. How to fix Prototype Pollution? There is no fixed version for `expand-object`.	>=0.0.0

Prototype Pollution

expand-object is an Expand a string into a JavaScript object using a simple notation. Use the CLI or as a node.js lib.

Affected versions of this package are vulnerable to Prototype Pollution in the expand() function in index.js. This function expands the given string into an object and allows a nested property to be set without checking the provided keys for sensitive properties like __proto__.

How to fix Prototype Pollution?

There is no fixed version for expand-object.

>=0.0.0

Go back to all versions of this package