Description
A prototype pollution vulnerability was found in module mpath <0.5.1 that allows an attacker to inject arbitrary properties onto Object.prototype.
Remediation
References
https://hackerone.com/reports/390860
Related Vulnerabilities
CVE-2023-37460 Vulnerability in maven package org.codehaus.plexus:plexus-archiver
CVE-2023-5573 Vulnerability in npm package @vrite/sdk
CVE-2019-15609 Vulnerability in npm package kill-port-process
CVE-2017-16147 Vulnerability in npm package shit-server
CVE-2022-23532 Vulnerability in maven package org.neo4j.procedure:apoc