What the vulnerability does

01Description

Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.

Key dates

02Disclosure timeline

February 4, 2020 CVE published
August 4, 2024 Record updated