All versions of dset
prior to 3.1.2 are vulnerable to Prototype Pollution via dset/merge
mode, as the dset
function checks for prototype pollution by validating if the top-level path contains __proto__
, constructor
or prototype
. By crafting a malicious object, it is possible to bypass this check and achieve prototype pollution.
{ "nvd_published_at": "2022-05-01T16:15:00Z", "github_reviewed_at": "2022-05-20T20:13:33Z", "severity": "MODERATE", "github_reviewed": true, "cwe_ids": [ "CWE-1321" ] }