Description
Prototype pollution not blocked by object-path related utilities in hoolock
Impact
Utility functions related to object paths (`get`, `set` and `update`) did not block attempts to access or alter object prototypes.
Patches
The `get`, `set` and `update` functions will throw a `TypeError` when a user attempts to access or alter inherited properties in versions >=2.2.1.
Packages
hoolock
Affected versions: >= 2.0.0, < 2.2.1
Patched version: 2.2.1
Related vulnerabilities
hoolock is a suite of lightweight utilities designed to maintain a small footprint when bundled. Starting in version 2.0.0 and prior to version 2.2.1, utility functions related to object paths (`get`, `set`, and `update`) did not block attempts to access or alter object prototypes. Starting in version 2.2.1, the `get`, `set` and `update` functions throw a `TypeError` when a user attempts to access or alter inherited properties.
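The difference between an unguarded path setter and one that throws a `TypeError` on inherited properties, as an added example that is not hoolock's own code: `setUnsafe`, `setGuarded` and `assertOwn` are hypothetical helpers, and the own-property check is an assumed way to get the behaviour the advisory describes.

```javascript
// Added illustration: setUnsafe, setGuarded and assertOwn are hypothetical, not hoolock's API.

// Naive path setter: plain property access on every segment, so a
// "__proto__" segment resolves to Object.prototype, shared by all objects.
function setUnsafe(target, path, value) {
  const keys = path.split('.');
  let node = target;
  for (const key of keys.slice(0, -1)) {
    if (node[key] === null || typeof node[key] !== 'object') node[key] = {};
    node = node[key];
  }
  node[keys[keys.length - 1]] = value;
  return target;
}

// Assumed guard: a segment that is reachable only through the prototype
// chain (present via `in`, but not an own property) is rejected.
function assertOwn(node, key) {
  if (key in node && !Object.prototype.hasOwnProperty.call(node, key)) {
    throw new TypeError(`refusing to touch inherited property "${key}"`);
  }
}

function setGuarded(target, path, value) {
  const keys = path.split('.');
  let node = target;
  for (const key of keys.slice(0, -1)) {
    assertOwn(node, key);
    if (node[key] === null || typeof node[key] !== 'object') node[key] = {};
    node = node[key];
  }
  const last = keys[keys.length - 1];
  assertOwn(node, last);
  node[last] = value;
  return target;
}

// Runs both setters on the same constructed path and reports the outcome.
function demo() {
  setUnsafe({}, '__proto__.isAdmin', true);
  const leaked = ({}).isAdmin === true; // unrelated objects now inherit isAdmin
  delete Object.prototype.isAdmin;      // undo the change before continuing
  let blocked = false;
  try { setGuarded({}, '__proto__.isAdmin', true); }
  catch (e) { blocked = e instanceof TypeError; }
  const normal = setGuarded({}, 'user.name', 'ada');
  return { leaked, blocked, clean: ({}).isAdmin === undefined, normal };
}
```

Own properties, including nested ones the setter creates itself, still work in `setGuarded`; only segments resolved through the prototype chain are refused.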