Description
A prototype pollution vulnerability was found in just-extend <4.0.0 that allows attack to inject properties onto Object.prototype through its functions.
Remediation
References
https://hackerone.com/reports/430291
Related Vulnerabilities
CVE-2020-26217 Vulnerability in maven package xstream:xstream
CVE-2022-25296 Vulnerability in npm package bodymen
CVE-2020-7614 Vulnerability in npm package npm-programmatic
CVE-2017-16096 Vulnerability in npm package serveryaozeyan
CVE-2023-0674 Vulnerability in maven package com.xuxueli:xxl-job-core