Vulnerability	Vulnerable Version
H Prototype Pollution libnested is a package with basic functions (map, each, get, set, keys) for nested objects. Affected versions of this package are vulnerable to Prototype Pollution via the `set` function in `index.js`. Note: This vulnerability derives from an incomplete fix for CVE-2020-28283 PoC: `const libnested = require('libnested'); libnested.set({}, [ ['__proto__'], 'polluted' ], 'yes'); console.log({}.polluted);` How to fix Prototype Pollution? Upgrade `libnested` to version 1.5.2 or higher.	<1.5.2
H Prototype Pollution libnested is a package with basic functions (map, each, get, set, keys) for nested objects. Affected versions of this package are vulnerable to Prototype Pollution. It allows an attacker to cause a denial of service and may lead to remote code execution. How to fix Prototype Pollution? Upgrade `libnested` to version 1.5.1 or higher.	<1.5.1

Prototype Pollution

libnested is a package with basic functions (map, each, get, set, keys) for nested objects.

Affected versions of this package are vulnerable to Prototype Pollution via the set function in index.js.

Note: This vulnerability derives from an incomplete fix for CVE-2020-28283

PoC:

 const libnested = require('libnested');
 libnested.set({}, [
     ['__proto__'],
     'polluted'
 ], 'yes');
 console.log({}.polluted);

How to fix Prototype Pollution?

Upgrade libnested to version 1.5.2 or higher.

<1.5.2

Prototype Pollution

libnested is a package with basic functions (map, each, get, set, keys) for nested objects.

Affected versions of this package are vulnerable to Prototype Pollution. It allows an attacker to cause a denial of service and may lead to remote code execution.

How to fix Prototype Pollution?

Upgrade libnested to version 1.5.1 or higher.

<1.5.1

Go back to all versions of this package