underscore-keypath icon indicating copy to clipboard operation
underscore-keypath copied to clipboard

Published 20 hours ago verified publisher icon jeeeyul

Prototype Pollution Vulnerability in v0.9.3: CVE-2023-26139

Open mdwekat opened this issue 1 year ago • 0 comments

Description

I have discovered a Prototype Pollution vulnerability in underscore-keypath version v0.9.3. This vulnerability is identified as CVE-2023-26139 and poses potential security risks.

Details

  • Affected Version: underscore-keypath v0.9.3
  • CVE: CVE-2023-26139
  • Impact: Prototype Pollution allows an attacker to inject arbitrary properties into existing objects. This can lead to various types of security vulnerabilities, including unauthorized code execution or bypassing security checks.

Steps to Reproduce

  1. Install the underscore-keypath module with the version v0.9.3.
  2. Run npm audit in the project directory.

The audit report should highlight the security vulnerability related to CVE-2023-26139.

Thank you.

mdwekat avatar Aug 10 '23 00:08 mdwekat