set-value is vulnerable to Prototype Pollution in versions lower than 3.0.1. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype and _proto_ payloads.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| set-value(npm) | 0 | 2.0.1 | N/A |
| set-value(npm) | 3.0.0 | 3.0.1 | N/A |
CVSS Metrics
