CVE-2019-10747

set-value is vulnerable to Prototype Pollution in versions lower than 3.0.1. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype and _proto_ payloads.

set-value is vulnerable to Prototype Pollution in versions lower than 3.0.1. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype and _proto_ payloads.

Versions of `set-value` prior to 3.0.1 or 2.0.1 are vulnerable to Prototype Pollution. The `set` function fails to validate which Object properties it updates. This allows attackers to modify the prototype of Object, causing the addition or modification of an existing property on all objects. ## Recommendation If you are using `set-value` 3.x, upgrade to version 3.0.1 or later. If you are using `set-value` 2.x, upgrade to version 2.0.1 or later.

Versions of `set-value` prior to 3.0.1 or 2.0.1 are vulnerable to Prototype Pollution. The `set` function fails to validate which Object properties it updates. This allows attackers to modify the prototype of Object, causing the addition or modification of an existing property on all objects. ## Recommendation If you are using `set-value` 3.x, upgrade to version 3.0.1 or later. If you are using `set-value` 2.x, upgrade to version 2.0.1 or later.

set-value es vulnerable a Prototype Pollution en versiones anteriores a 2.0.1 y la versión 3.0.0. La función mixin-deep podría ser engañada para agregar o modificar propiedades de Object.prototype usando cualquiera de las cargas útiles de constructor, prototipo y _proto_ payloads.