Vulnerability	Vulnerable Version
H Prototype Pollution set-or-get is a Sets or gets an object field value. Affected versions of this package are vulnerable to Prototype Pollution. There is an absence of validation in the `field` and `def` arguments. This allows an attacker to supply a malicious value by adjusting the `field` value to include the `__proto__` property. Since there is no validation before assigning property to check whether the assigned `field` is the `Object`'s own property or not, the property `isAdmin` will be directly assigned to the empty obj (`{}`), and by that polluting the `Object` prototype. If there is a check to validate `isAdmin`, the value would be substituted as `true` as it had been polluted. How to fix Prototype Pollution? Upgrade `set-or-get` to version 1.2.11 or higher.	>=1.0.0 <1.2.11

Prototype Pollution

set-or-get is a Sets or gets an object field value.

Affected versions of this package are vulnerable to Prototype Pollution. There is an absence of validation in the field and def arguments. This allows an attacker to supply a malicious value by adjusting the field value to include the __proto__ property. Since there is no validation before assigning property to check whether the assigned field is the Object's own property or not, the property isAdmin will be directly assigned to the empty obj ({}), and by that polluting the Object prototype. If there is a check to validate isAdmin, the value would be substituted as true as it had been polluted.

How to fix Prototype Pollution?

Upgrade set-or-get to version 1.2.11 or higher.

>=1.0.0 <1.2.11

Go back to all versions of this package