PT-2023-8584 · Dot-Diver

D3Ng03
Published: 2023-11-03
Updated: 2023-12-26
CVE-2023-45827
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: dot-diver versions prior to 1.0.2
Description: The vulnerability is a Prototype Pollution flaw in the setByPath function, which can lead to remote code execution (RCE). By supplying a path that reaches into the prototype chain, an attacker can modify object attributes shared by other objects, potentially enabling them to execute arbitrary code. The vulnerability is present in versions of the dot-diver library prior to 1.0.2.
Recommendations: For versions prior to 1.0.2, upgrade to release 1.0.2 or later, which addresses the Prototype Pollution vulnerability in the setByPath function. As a temporary workaround, restrict the use of the setByPath function until the patch is applied.
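The mitigation the advisory points to is the standard one for path-based setters: refuse any path segment that can reach Object.prototype before walking the object. The following is an added illustration written for this page, not dot-diver's own code and not its fixed implementation; the helper names (setByPath, parsePath, isPrototypeClean, demo) and the dot-separated path syntax are assumptions chosen for the example.

```javascript
// Added example (not dot-diver's code): a minimal setByPath-style helper
// that rejects path segments able to reach the shared Object.prototype.
const FORBIDDEN_SEGMENTS = new Set(['__proto__', 'constructor', 'prototype']);

// Assumed path syntax for this example: dot-separated keys, e.g. "db.host".
function parsePath(path) {
  return String(path).split('.');
}

// Sets `value` at `path` inside `target`, creating intermediate objects.
// Throws before touching `target` if any segment is a prototype-reaching key,
// so a path such as "__proto__.polluted" never modifies Object.prototype.
function setByPath(target, path, value) {
  const segments = parsePath(path);
  for (const seg of segments) {
    if (FORBIDDEN_SEGMENTS.has(seg)) {
      throw new Error(`setByPath: refusing unsafe path segment "${seg}"`);
    }
  }
  let cur = target;
  for (let i = 0; i < segments.length - 1; i++) {
    const seg = segments[i];
    // Only descend into own, non-null object properties; never follow
    // inherited ones, and replace primitives with a fresh container.
    const own = Object.prototype.hasOwnProperty.call(cur, seg);
    if (!own || typeof cur[seg] !== 'object' || cur[seg] === null) {
      cur[seg] = {};
    }
    cur = cur[seg];
  }
  cur[segments[segments.length - 1]] = value;
  return target;
}

// Defensive check: has a property leaked onto the shared prototype?
function isPrototypeClean(prop) {
  return !(prop in Object.prototype);
}

// Walk-through: a normal write succeeds, a prototype-reaching write is
// rejected, and the global prototype stays untouched afterwards.
function demo() {
  const cfg = {};
  setByPath(cfg, 'db.host', 'localhost');
  let rejected = false;
  try {
    setByPath(cfg, '__proto__.polluted', true); // constructed hostile path
  } catch (e) {
    rejected = true;
  }
  return { host: cfg.db.host, rejected, clean: isPrototypeClean('polluted') };
}
```

The segment check runs over the whole path before any write, so a partially applied set cannot leave the object half-modified. Deployments that cannot upgrade immediately can apply the same pre-check at the call sites that pass untrusted paths to setByPath until the patched release is in place.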

Exploit

Fix

Prototype Pollution

Weakness Enumeration

Related Identifiers: BDU:2024-01227, CVE-2023-45827, GHSA-9W5F-MW3P-PJ47

Affected Products: Dot-Diver