CVE-2023-26106: dot-lens vulnerable to Prototype Pollution

March 6, 2023 (updated November 7, 2023)

All versions of the package dot-lens is vulnerable to Prototype Pollution via the set() function in index.js file.

References

github.com/advisories/GHSA-rmhg-2cvv-q7vx
github.com/jb55/dot-lens/blob/465ef2088e4065b7be1c4372eedd2215c3820bc4/index.js
nvd.nist.gov/vuln/detail/CVE-2023-26106
security.snyk.io/vuln/SNYK-JS-DOTLENS-3227646

Code Behaviors & Features

Detect and mitigate CVE-2023-26106 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →