MEDIUM SEVERITY NEW Vulnerability
Prototype Pollution
Vulnerable module: dot-prop
Introduced through: alex@5.1.0
Detailed paths
Introduced through: textlint-rule-alex@1.3.1 › alex@5.1.0 › update-notifier@2.5.0 › configstore@3.1.2 › dot-prop@4.2.0
Overview
dot-prop is a package to get, set, or delete a property from a nested object using a dot path.
Affected versions of this package are vulnerable to Prototype Pollution. It is possible for a user to modify the prototype of a base object.
MEDIUM SEVERITY NEW Vulnerability Prototype Pollution Vulnerable module: dot-prop Introduced through: alex@5.1.0
Detailed paths
Introduced through: textlint-rule-alex@1.3.1 › alex@5.1.0 › update-notifier@2.5.0 › configstore@3.1.2 › dot-prop@4.2.0 Overview dot-prop is a package to get, set, or delete a property from a nested object using a dot path.
Affected versions of this package are vulnerable to Prototype Pollution. It is possible for a user to modify the prototype of a base object.
https://app.snyk.io/vuln/SNYK-JS-DOTPROP-543489 https://app.snyk.io/test/npm/textlint-rule-alex/1.3.1
I know this is a sub dependency, but maybe you can put a little pressure on the
alex
project.