VDB
KO
MEDIUM 5.6

GHSA-6g47-63mv-qpgh

Prototype Pollution in dotty

Details

This affects the package dotty before 0.1.2. A type confusion vulnerability can lead to a bypass of CVE-2021-25912 when the user-provided keys used in the path parameter are arrays.

Are you affected?

Enter the version of the package you're using.

Affected packages

npm / dotty
Introduced in: 0 Fixed in: 0.1.2
Fix npm install dotty@0.1.2

References