Description
All versions of package js-data are vulnerable to Prototype Pollution via the deepFillIn function.
Remediation
References
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1050979
https://snyk.io/vuln/SNYK-JS-JSDATA-1023655
https://github.com/js-data/js-data/blob/master/src/utils.js%23L417
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1050978
Related Vulnerabilities
CVE-2023-43123 Vulnerability in maven package org.apache.storm:storm-pmml-examples
CVE-2020-36186 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind
CVE-2012-0391 Vulnerability in maven package org.apache.struts:struts2-core
CVE-2022-0624 Vulnerability in maven package org.webjars.npm:parse-path
CVE-2023-46120 Vulnerability in maven package com.rabbitmq:amqp-client