Description
A prototype pollution vulnerability was found in just-extend <4.0.0 that allows attack to inject properties onto Object.prototype through its functions.
Remediation
References
https://hackerone.com/reports/430291
Related Vulnerabilities
CVE-2022-34115 Vulnerability in maven package io.dataease:dataease-plugin-common
CVE-2021-23354 Vulnerability in npm package printf
CVE-2020-8124 Vulnerability in maven package org.webjars.npm:url-parse
CVE-2020-26299 Vulnerability in npm package ftp-srv
CVE-2023-35145 Vulnerability in maven package org.jenkins-ci.plugins:sonargraph-integration