Dot diver is a lightweight, powerful, and dependency-free TypeScript utility library that provides types and functions to work with object paths in dot notation. In versions prior to 1.0.2 there is a Prototype Pollution vulnerability in the `setByPath` function which can leads to remote code execution (RCE). This issue has been addressed in commit `98daf567` which has been included in release 1.0.2. Users are advised to upgrade. There are no known workarounds to this vulnerability.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-11-06T17:25:43.774Z
Updated: 2023-11-06T17:25:43.774Z
Reserved: 2023-10-13T12:00:50.439Z
Link: CVE-2023-45827
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-11-06T18:15:08.467
Modified: 2023-11-14T17:10:21.330
Link: CVE-2023-45827
JSON object: View
Redhat Information
No data.
CWE