All versions of
dset prior to 3.1.2 are vulnerable to Prototype Pollution via
dset/merge mode, as the
dset function checks for prototype pollution by validating if the top-level path contains
prototype. By crafting a malicious object, it is possible to bypass this check and achieve prototype pollution.