Vulnerability	Vulnerable Version
H Prototype Pollution just-safe-set is a part of a library of zero-dependency npm modules that do just do one thing. Affected versions of this package are vulnerable to Prototype Pollution via type confusion. If the property key is `[__proto__]` then the allocated key will also be `__proto__`. How to fix Prototype Pollution? Upgrade `just-safe-set` to version 4.0.2 or higher.	<4.0.2
H Prototype Pollution just-safe-set is a part of a library of zero-dependency npm modules that do just do one thing. Affected versions of this package are vulnerable to Prototype Pollution. The function `set()` does not check for the type of object before assigning value to the property. Due to this flaw an attacker could create a non-existent property or is able to manipulate the property which leads to DoS or potentially RCE. PoC `var justSafeSet = require("just-safe-set") var obj = {} console.log("Before: " + {}.polluted); justSafeSet(obj,'__proto__.polluted','polluted'); console.log("After: " + {}.polluted);` How to fix Prototype Pollution? Upgrade `just-safe-set` to version 2.2.2 or higher.	>=1.0.0 <2.2.2

Prototype Pollution

just-safe-set is a part of a library of zero-dependency npm modules that do just do one thing.

Affected versions of this package are vulnerable to Prototype Pollution via type confusion. If the property key is [__proto__] then the allocated key will also be __proto__.

How to fix Prototype Pollution?

Upgrade just-safe-set to version 4.0.2 or higher.

<4.0.2

Prototype Pollution

just-safe-set is a part of a library of zero-dependency npm modules that do just do one thing.

Affected versions of this package are vulnerable to Prototype Pollution. The function set() does not check for the type of object before assigning value to the property. Due to this flaw an attacker could create a non-existent property or is able to manipulate the property which leads to DoS or potentially RCE.

PoC

var justSafeSet = require("just-safe-set")
var obj = {}
console.log("Before: " + {}.polluted);
justSafeSet(obj,'__proto__.polluted','polluted');
console.log("After: " + {}.polluted);

How to fix Prototype Pollution?

Upgrade just-safe-set to version 2.2.2 or higher.

>=1.0.0 <2.2.2

Go back to all versions of this package