Description
confinit through 0.3.0 is vulnerable to Prototype Pollution.The 'setDeepProperty' function could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload.
Remediation
References
https://snyk.io/vuln/SNYK-JS-CONFINIT-564433
https://github.com/davideicardi/confinit/commit/a34e06ca5c1c8b047ef112ef188b2fe30d2a1eab
Related Vulnerabilities
CVE-2023-47327 Vulnerability in maven package org.silverpeas.core:silverpeas-core-web
CVE-2023-30548 Vulnerability in npm package gatsby-plugin-sharp
CVE-2021-35065 Vulnerability in npm package glob-parent
CVE-2023-3308 Vulnerability in maven package com.whaleal.icefrog:icefrog-all
CVE-2020-36180 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind