Description
A prototype pollution vulnerability was found in just-extend <4.0.0 that allows attack to inject properties onto Object.prototype through its functions.
Remediation
References
https://hackerone.com/reports/430291
Related Vulnerabilities
CVE-2010-5312 Vulnerability in npm package jquery-ui
CVE-2022-24279 Vulnerability in npm package madlib-object-utils
CVE-2022-24802 Vulnerability in npm package deepmerge-ts
CVE-2017-1000042 Vulnerability in npm package mapbox.js
CVE-2022-24819 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-templates