just-safe-set 2.0.0 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the just-safe-set package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Prototype Pollution just-safe-set is a part of a library of zero-dependency npm modules that do just do one thing. Affected versions of this package are vulnerable to Prototype Pollution via type confusion. If the property key is `[__proto__]` then the allocated key will also be `__proto__`. How to fix Prototype Pollution? Upgrade `just-safe-set` to version 4.0.2 or higher.	<4.0.2
H Prototype Pollution just-safe-set is a part of a library of zero-dependency npm modules that do just do one thing. Affected versions of this package are vulnerable to Prototype Pollution. The function `set()` does not check for the type of object before assigning value to the property. Due to this flaw an attacker could create a non-existent property or is able to manipulate the property which leads to DoS or potentially RCE. PoC `var justSafeSet = require("just-safe-set") var obj = {} console.log("Before: " + {}.polluted); justSafeSet(obj,'__proto__.polluted','polluted'); console.log("After: " + {}.polluted);` How to fix Prototype Pollution? Upgrade `just-safe-set` to version 2.2.2 or higher.	>=1.0.0 <2.2.2

Vulnerability

Vulnerable Version

Prototype Pollution

just-safe-set is a part of a library of zero-dependency npm modules that do just do one thing.

Affected versions of this package are vulnerable to Prototype Pollution via type confusion. If the property key is [__proto__] then the allocated key will also be __proto__.

How to fix Prototype Pollution?

Upgrade just-safe-set to version 4.0.2 or higher.

<4.0.2

Prototype Pollution

just-safe-set is a part of a library of zero-dependency npm modules that do just do one thing.

Affected versions of this package are vulnerable to Prototype Pollution. The function set() does not check for the type of object before assigning value to the property. Due to this flaw an attacker could create a non-existent property or is able to manipulate the property which leads to DoS or potentially RCE.

PoC

var justSafeSet = require("just-safe-set")
var obj = {}
console.log("Before: " + {}.polluted);
justSafeSet(obj,'__proto__.polluted','polluted');
console.log("After: " + {}.polluted);

How to fix Prototype Pollution?

Upgrade just-safe-set to version 2.2.2 or higher.

>=1.0.0 <2.2.2

just-safe-set@2.0.0 vulnerabilities

set value at property, create intermediate properties if necessary

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically

PoC