Prototype Pollution Vulnerability in v0.9.3: CVE-2023-26139

## Description

I have discovered a Prototype Pollution vulnerability in `underscore-keypath` version v0.9.3. This vulnerability is identified as CVE-2023-26139 and poses potential security risks.

## Details

- **Affected Version**: `underscore-keypath` v0.9.3
- **CVE**: CVE-2023-26139
- **Impact**: Prototype Pollution allows an attacker to inject arbitrary properties into existing objects. This can lead to various types of security vulnerabilities, including unauthorized code execution or bypassing security checks.

## Steps to Reproduce

1. Install the `underscore-keypath` module with the version v0.9.3.
2. Run `npm audit` in the project directory.

The audit report should highlight the security vulnerability related to CVE-2023-26139.

Thank you.


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Prototype Pollution Vulnerability in v0.9.3: CVE-2023-26139 #8

Description

Details

Steps to Reproduce

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Prototype Pollution Vulnerability in v0.9.3: CVE-2023-26139 #8

Description

Description

Details

Steps to Reproduce

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions