Security Vulnerability: CVE-2023-26139 underscore-keypath Prototype Pollution

## Description

I have identified a security vulnerability in one of the dependencies used by `user-agents` v1.0.1444. The dependency `underscore-keypath` is vulnerable to Prototype Pollution, as described in CVE-2023-26139.

## Details

- **Affected Version**: `user-agents` v1.0.1444
- **Vulnerable Dependency**: underscore-keypath
- **CVE**: CVE-2023-26139
- **Impact**: Prototype Pollution can allow an attacker to inject arbitrary properties into existing objects. This can lead to various types of security vulnerabilities such as bypassing security checks or potentially unauthorized execution of code.

## Steps to Reproduce

1. Install the `user-agents` package using npm with the version v1.0.1444.
2. Run `npm audit` in the project directory.

Thank you for your attention to this matter.


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Security Vulnerability: CVE-2023-26139 underscore-keypath Prototype Pollution #63

Description

Details

Steps to Reproduce

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Security Vulnerability: CVE-2023-26139 underscore-keypath Prototype Pollution #63

Description

Description

Details

Steps to Reproduce

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions