The advisory explicitly identifies `module.exports.unflattenJSON` in `index.js:42` as the vulnerable entry point. The PoC demonstrates prototype pollution through `__proto__` manipulation via this function. The vulnerability stems from unsafe property assignment without prototype validation in the way the `unflattenJSON` implementation handles nested keys.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| @allanlancioni/flatten-json | npm | <= 1.0.1 | |
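
The unsafe nested-key assignment described above, next to a hardened form, as an added example that is not the package's own code. The function names, the `.` path delimiter and the sample input are assumptions made for illustration.

```javascript
// Added illustration, not @allanlancioni/flatten-json's code; assumes "." as path delimiter.
const BLOCKED = new Set(['__proto__', 'constructor', 'prototype']);
const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Unsafe pattern: every segment is followed with plain property access, so a
// "__proto__" segment resolves to Object.prototype and the write lands there.
function unflattenUnsafe(flat) {
  const out = {};
  for (const [path, value] of Object.entries(flat)) {
    const parts = path.split('.');
    let node = out;
    for (const part of parts.slice(0, -1)) {
      if (typeof node[part] !== 'object' || node[part] === null) node[part] = {};
      node = node[part];
    }
    node[parts[parts.length - 1]] = value;
  }
  return out;
}

// Hardened form: reject dangerous segments, build on null-prototype objects,
// and descend only into own properties.
function unflattenSafe(flat) {
  const out = Object.create(null);
  for (const [path, value] of Object.entries(flat)) {
    const parts = path.split('.');
    if (parts.some((p) => BLOCKED.has(p))) {
      throw new TypeError(`unsafe key segment in "${path}"`);
    }
    let node = out;
    for (const part of parts.slice(0, -1)) {
      const child = hasOwn(node, part) ? node[part] : undefined;
      if (typeof child !== 'object' || child === null) node[part] = Object.create(null);
      node = node[part];
    }
    node[parts[parts.length - 1]] = value;
  }
  return out;
}

// Constructed input: one ordinary key, one whose first segment is "__proto__".
const SAMPLE = { 'user.name': 'alice', '__proto__.polluted': true };
// Returns true if running `unflatten` on SAMPLE altered Object.prototype.
function pollutesPrototype(unflatten) {
  try { unflatten(SAMPLE); } catch (_) { /* input rejected */ }
  const leaked = ({}).polluted === true;
  delete Object.prototype.polluted; // undo the unsafe run's side effect
  return leaked;
}
```

`pollutesPrototype` doubles as a regression check: run against any unflatten implementation, it reports whether a `__proto__` segment reached `Object.prototype`.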