Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.
{ "nvd_published_at": "2020-02-04T20:15:00Z", "cwe_ids": [ "CWE-1321", "CWE-425", "CWE-471" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2020-07-29T20:51:37Z" }