Description
All versions of component-flatten are vulnerable to Prototype Pollution. The a function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload.
Remediation
References
https://snyk.io/vuln/SNYK-JS-COMPONENTFLATTEN-548907
Related Vulnerabilities
CVE-2016-10735 Vulnerability in maven package org.webjars.bower:bootstrap-sass
CVE-2023-46659 Vulnerability in maven package org.jenkins-ci.plugins:trac
CVE-2022-3509 Vulnerability in maven package com.google.protobuf:protobuf-javalite
CVE-2022-25871 Vulnerability in npm package querymen
CVE-2016-0779 Vulnerability in maven package org.apache.tomee:arquillian-tomee-common