Description
I have discovered a Prototype Pollution vulnerability in underscore-keypath version v0.9.3. This vulnerability is identified as CVE-2023-26139 and poses potential security risks.
Details
- Affected Version:
underscore-keypath v0.9.3
- CVE: CVE-2023-26139
- Impact: Prototype Pollution allows an attacker to inject arbitrary properties into existing objects. This can lead to various types of security vulnerabilities, including unauthorized code execution or bypassing security checks.
Steps to Reproduce
- Install the
underscore-keypath module with the version v0.9.3.
- Run
npm audit in the project directory.
The audit report should highlight the security vulnerability related to CVE-2023-26139.
Thank you.
Description
I have discovered a Prototype Pollution vulnerability in
underscore-keypathversion v0.9.3. This vulnerability is identified as CVE-2023-26139 and poses potential security risks.Details
underscore-keypathv0.9.3Steps to Reproduce
underscore-keypathmodule with the version v0.9.3.npm auditin the project directory.The audit report should highlight the security vulnerability related to CVE-2023-26139.
Thank you.