Description
undefsafe before 2.0.3 is vulnerable to Prototype Pollution. The 'a' function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload.
Remediation
References
https://snyk.io/vuln/SNYK-JS-UNDEFSAFE-548940
https://github.com/remy/undefsafe/commit/f272681b3a50e2c4cbb6a8533795e1453382c822
Related Vulnerabilities
CVE-2023-3691 Vulnerability in maven package org.webjars.bower:layui
CVE-2021-34083 Vulnerability in npm package google-it
CVE-2022-4640 Vulnerability in maven package net.mingsoft:ms-mcms
CVE-2021-21428 Vulnerability in maven package org.openapitools:openapi-generator-online
CVE-2016-10735 Vulnerability in maven package fr.norad.bootstrap:bootstrap