Description
rdf-graph-array through 0.3.0-rc6 is vulnerable to manipulation of JavaScript objects resulting in Prototype Pollution. The rdf.Graph.prototype.add method could be tricked into adding or modifying properties of Object.prototype.
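The bug class described above, shown as an added example on a simplified model rather than the rdf-graph-array source: it assumes an index keyed by term strings, and all function names and the sample triple are hypothetical. The weak form uses nested plain objects; the hardened form uses Map, which treats every key as data.

```javascript
// Simplified model of a triple index keyed by term strings.
// Hypothetical names throughout; this is not the library's own code.

// Weak: nested plain objects. With a subject of "__proto__", index[subject]
// resolves to Object.prototype, so the following write lands on it.
function addWeak(index, t) {
  const bySubject = index[t.subject] || (index[t.subject] = {});
  bySubject[t.predicate] = t.object;
}

// Hardened: Map keys are never looked up on the prototype chain,
// so "__proto__" is stored like any other string.
function addSafe(index, t) {
  let bySubject = index.get(t.subject);
  if (!bySubject) {
    bySubject = new Map();
    index.set(t.subject, bySubject);
  }
  bySubject.set(t.predicate, t.object);
}

// True when a fresh object inherits `key`, i.e. Object.prototype was modified.
function isPolluted(key) {
  return key in {};
}

// Constructed sample input (assumption: term values arrive as plain strings).
const sample = { subject: "__proto__", predicate: "demoFlag", object: "x" };

function runDemo() {
  const result = {};
  try {
    addWeak({}, sample);
    result.weak = isPolluted("demoFlag");
  } finally {
    delete Object.prototype.demoFlag; // undo the demo's side effect
  }
  const safeIndex = new Map();
  addSafe(safeIndex, sample);
  result.safe = isPolluted("demoFlag");
  result.stored = safeIndex.get("__proto__").get("demoFlag");
  return result;
}
```

An index built with `Object.create(null)` at every level gives the same protection where a Map is not practical.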
Remediation
References
https://snyk.io/vuln/SNYK-JS-RDFGRAPHARRAY-551803
https://github.com/rdf-ext-archive/rdf-graph-array/blob/master/index.js#L211