EPSS
Percentile
40.7%
pathval is vulnerable to prototype pollution. The function parsePath allows an attacker to get control of value of “path” and modify attributes such as __proto__, constructor and prototype.
parsePath
__proto__
constructor
prototype
github.com/chaijs/pathval/commit/21a9046cfa0c2697cb41990f3b4316db410e6c8a
github.com/chaijs/pathval/pull/58/
github.com/chaijs/pathval/pull/58/files