CVE-2019-10793
MEDIUMdot-object < 2.1.3 - Prototype Pollution via __proto__ Payload
Title source: llmDescription
dot-object before 2.1.3 is vulnerable to Prototype Pollution. The set function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload.
References (2)
Core 2
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/rhalff/dot-object/commit/f76cff5fe6d01d30ce110d8f454db2e5bd28a7de
Exploit, Third Party Advisory x_refsource_misc
https://snyk.io/vuln/SNYK-JS-DOTOBJECT-548905
Scores
CVSS v3
6.3
EPSS
0.0110
EPSS Percentile
61.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-74
Status
published
Products (2)
dot-object_project/dot-object
< 2.1.3
npm/dot-object
0 - 2.1.3npm
Published
Feb 18, 2020
Tracked Since
Feb 18, 2026