Prototype Pollution in dottie package (versions before 2.0.4) via set() function and current variable in dottie.js

Prototype Pollution in dottie package (versions before 2.0.4) via set() function and current variable in dottie.js

CVE-2023-26132 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Versions of the package dottie before 2.0.4 are vulnerable to Prototype Pollution due to insufficient checks, via the set() function and the current variable in the /dottie.js file.

Learn more about our Web Application Penetration Testing UK.