CVE-2023-45827

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-45827
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-45827.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-45827
Aliases
Published
2023-11-06T17:25:43Z
Modified
2025-10-30T20:22:54.215676Z
Severity
  • 7.3 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Summary
Prototype Pollution vulnerability in @clickbar/dot-diver
Details

Dot diver is a lightweight, powerful, and dependency-free TypeScript utility library that provides types and functions to work with object paths in dot notation. In versions prior to 1.0.2 there is a Prototype Pollution vulnerability in the setByPath function which can lead to remote code execution (RCE). This issue has been addressed in commit 98daf567, which has been included in release 1.0.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Database specific
{
    "cwe_ids": [
        "CWE-1321"
    ]
}
References

Affected packages

Git / github.com/clickbar/dot-diver

Affected ranges

Type
GIT
Repo
https://github.com/clickbar/dot-diver
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

1.*

1.0.0
1.0.1