Versions of the package dottie before 2.0.4 are vulnerable to Prototype Pollution due to insufficient checks, via the set() function and the current variable in the /dottie.js file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Information Disclosure
Prototype Pollution
Dottie
NVD
GitHub
CVSS 3.1
7.5
EPSS
1.1%