The package irrelon-path before 4.7.0; the package @irrelon/path before 4.7.0 are vulnerable to Prototype Pollution via the set, unSet, pushVal and pullVal functions.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-1321,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| irrelon | irrelon-path | * |
| irrelon | @irrelon/path | * |