CVE-2021-23507 – Prototype Pollution
https://notcve.org/view.php?id=CVE-2021-23507
The package object-path-set before 1.0.2 are vulnerable to Prototype Pollution via the setPath method, as it allows an attacker to merge object prototypes into it. *Note:* This vulnerability derives from an incomplete fix in https://security.snyk.io/vuln/SNYK-JS-OBJECTPATHSET-607908 El paquete object-path-set versiones anteriores a 1.0.2, es vulnerable a una Contaminación de Prototipos por medio del método setPath, ya que permite a un atacante fusionar prototipos de objetos en él. *Nota:* Esta vulnerabilidad deriva de una corrección incompleta en https://security.snyk.io/vuln/SNYK-JS-OBJECTPATHSET-607908 • https://github.com/skratchdot/object-path-set/blob/577f5299fed15bb9edd11c940ff3cf0b9f4748d5/index.js%23L8 https://github.com/skratchdot/object-path-set/commit/2d67a714159c4099589b6661fa84e6d2adc31761 https://snyk.io/blog/remediate-javascript-type-confusion-bypassed-input-validation https://snyk.io/vuln/SNYK-JS-OBJECTPATHSET-2388576 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •