Description
The package property-expr before 2.0.3 are vulnerable to Prototype Pollution via the setter function.
Remediation
References
https://snyk.io/vuln/SNYK-JS-PROPERTYEXPR-598800
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-598857
https://github.com/jquense/expr/commit/df846910915d59f711ce63c1f817815bceab5ff7
Related Vulnerabilities
CVE-2021-46365 Vulnerability in maven package info.magnolia:magnolia-core
CVE-2020-5258 Vulnerability in maven package org.webjars:dojo
CVE-2021-27516 Vulnerability in maven package org.webjars.npm:urijs
CVE-2021-21623 Vulnerability in maven package org.jenkins-ci.plugins:matrix-auth
CVE-2023-34478 Vulnerability in maven package org.apache.shiro:shiro-web