{"id":"CVE-2023-26106","details":"All versions of the package dot-lens are vulnerable to Prototype Pollution via the set() function in index.js file.\r\r","aliases":["GHSA-rmhg-2cvv-q7vx"],"modified":"2026-03-14T11:59:29.941619Z","published":"2023-03-06T05:15:12.200Z","references":[{"type":"WEB","url":"https://github.com/jb55/dot-lens/blob/465ef2088e4065b7be1c4372eedd2215c3820bc4/index.js%23L70"},{"type":"EVIDENCE","url":"https://security.snyk.io/vuln/SNYK-JS-DOTLENS-3227646"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jb55/dot-lens","events":[{"introduced":"0"},{"last_affected":"4dbcf3ca290dcf4feaa45dbec2e32ade6770f13e"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.2.3"}]}}],"versions":["1.0.0","1.1.0","1.1.1","1.2.0","1.2.1","1.2.2","1.2.3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-26106.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}