High severity8.2GHSA Advisory· Published May 28, 2026· Updated Jun 1, 2026
CVE-2026-46509
CVE-2026-46509
Description
deepobj provides get, set, delete deep objects in javascript. Prior to 1.0.3, prototype pollution is possible when property paths contain __proto__/constructor/prototype. The property path must not be exposed as user input. This vulnerability is fixed in 1.0.3.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
@ranfdev/deepobjnpm | < 1.0.3 | 1.0.3 |
Affected products
2Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.