nested-property@2.0.0-beta1 vulnerabilities

Read, write or test a data structure's nested property via a string like 'my.nested.property'. It works through arrays and objects.'

Direct Vulnerabilities

Known vulnerabilities in the nested-property package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Prototype Pollution

nested-property is a Traverse a deeply nested JS data structure to get, set values, or test if values are part of the data structure. Nested property offers a simple syntax to define a path to access a value with.

Affected versions of this package are vulnerable to Prototype Pollution. Is vulnerable when it performs a set operation for nested objects

How to fix Prototype Pollution?

Upgrade nested-property to version 3.0.0 or higher.

<3.0.0