This affects all versions of package json-ptr. The issue occurs in the set operation (https://flitbit.github.io/json-ptr/classes/_src_pointer_.jsonpointer.htmlset) when the force flag is set to true. The function recursively set the property in the target object, however it does not properly check the key being set, leading to a prototype pollution.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| json-ptr(npm) | 0 | 2.1.0 | N/A |
CVSS Metrics
