High severity7.3NVD Advisory· Published Nov 6, 2023· Updated Jun 17, 2026
CVE-2023-45827
CVE-2023-45827
Description
Dot diver is a lightweight, powerful, and dependency-free TypeScript utility library that provides types and functions to work with object paths in dot notation. In versions prior to 1.0.2 there is a Prototype Pollution vulnerability in the setByPath function which can leads to remote code execution (RCE). This issue has been addressed in commit 98daf567 which has been included in release 1.0.2. Users are advised to upgrade. There are no known workarounds to this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
@clickbar/dot-divernpm | < 1.0.2 | 1.0.2 |
Affected products
2Patches
Vulnerability mechanics
References
5- github.com/clickbar/dot-diver/commit/98daf567390d816fd378ec998eefe2e97f293d5anvdPatchWEB
- github.com/advisories/GHSA-9w5f-mw3p-pj47ghsaADVISORY
- github.com/clickbar/dot-diver/security/advisories/GHSA-9w5f-mw3p-pj47nvdVendor AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2023-45827ghsaADVISORY
- github.com/clickbar/dot-diver/commit/9790834cf4c2bca75db00e588e58056dacaf602fghsaWEB
News mentions
0No linked articles in our index yet.