Description
A prototype pollution vulnerability was found in just-extend <4.0.0 that allows attack to inject properties onto Object.prototype through its functions.
Remediation
References
https://hackerone.com/reports/430291
Related Vulnerabilities
CVE-2020-28472 Vulnerability in maven package org.webjars.npm:aws-sdk
CVE-2021-29484 Vulnerability in npm package ghost
CVE-2017-16008 Vulnerability in maven package org.webjars.npm:i18next
CVE-2019-19466 Vulnerability in npm package sceditor
CVE-2019-10323 Vulnerability in maven package org.jenkins-ci.plugins:artifactory