Vulnerability	Vulnerable Version
H Prototype Pollution shvl is a Get and set dot-notated properties within an object Affected versions of this package are vulnerable to Prototype Pollution due to an incomplete fix not protecting against the `constructor.prototype` vector. POC `var shvl = require("shvl") let obj = {} console.log("Before: " + {}.polluted) shvl.set(obj, 'constructor.prototype.polluted', 'Polluted') console.log("After: " + {}.polluted)` How to fix Prototype Pollution? Upgrade `shvl` to version 3.0.0 or higher.	<3.0.0
H Prototype Pollution shvl is a Get and set dot-notated properties within an object Affected versions of this package are vulnerable to Prototype Pollution. It allows an attacker to cause a denial of service and may lead to remote code execution. How to fix Prototype Pollution? Upgrade `shvl` to version 2.0.2 or higher.	>=1.0.0 <2.0.2

Prototype Pollution

shvl is a Get and set dot-notated properties within an object

Affected versions of this package are vulnerable to Prototype Pollution due to an incomplete fix not protecting against the constructor.prototype vector.

POC

var shvl = require("shvl")
let obj = {}
console.log("Before: " + {}.polluted)
shvl.set(obj, 'constructor.prototype.polluted', 'Polluted')
console.log("After: " + {}.polluted)

How to fix Prototype Pollution?

Upgrade shvl to version 3.0.0 or higher.

<3.0.0

Prototype Pollution

shvl is a Get and set dot-notated properties within an object

Affected versions of this package are vulnerable to Prototype Pollution. It allows an attacker to cause a denial of service and may lead to remote code execution.

How to fix Prototype Pollution?

Upgrade shvl to version 2.0.2 or higher.

>=1.0.0 <2.0.2

Go back to all versions of this package