set-deep-prop@1.0.0 vulnerabilities

Set the value of a deeply nested object or array

Known vulnerabilities in the set-deep-prop package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H Prototype Pollution set-deep-prop is a Set the value of a deeply nested object or array Affected versions of this package are vulnerable to Prototype Pollution via the main functionality. PoC `const setDeepProp = require('set-deep-prop'); setDeepProp({},['__proto__', 'x'], 'polluted'); console.log(({}).a); // polluted` How to fix Prototype Pollution? There is no fixed version for `set-deep-prop`.	*

set-deep-prop is a Set the value of a deeply nested object or array

Affected versions of this package are vulnerable to Prototype Pollution via the main functionality.

const setDeepProp = require('set-deep-prop');
setDeepProp({},['__proto__', 'x'], 'polluted');
console.log(({}).a); // polluted

How to fix Prototype Pollution?

There is no fixed version for set-deep-prop.