VDB
KO
CRITICAL 9.8

GHSA-x5m8-2r8v-8f97

Prototype Pollution in libnested

Details

The package libnested before 1.5.2 are vulnerable to Prototype Pollution via the set function in index.js. **Note:** This vulnerability derives from an incomplete fix for [CVE-2020-28283](https://security.snyk.io/vuln/SNYK-JS-LIBNESTED-1054930)

Are you affected?

Enter the version of the package you're using.

Affected packages

npm / libnested
Introduced in: 0 Fixed in: 1.5.2
Fix npm install libnested@1.5.2

References