Description
A prototype pollution vulnerability was found in defaults-deep <=0.2.4 that would allow a malicious user to inject properties onto Object.prototype.
Remediation
References
https://hackerone.com/reports/380878
Related Vulnerabilities
CVE-2021-3189 Vulnerability in npm package slashify
CVE-2021-4279 Vulnerability in maven package org.webjars.bower:fast-json-patch
CVE-2022-25940 Vulnerability in npm package lite-server
CVE-2021-21172 Vulnerability in npm package electron
CVE-2019-13000 Vulnerability in maven package fr.acinq.eclair:eclair-core_2.11