Description
The package property-expr before 2.0.3 are vulnerable to Prototype Pollution via the setter function.
Remediation
References
https://github.com/jquense/expr/commit/df846910915d59f711ce63c1f817815bceab5ff7
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-598857
https://snyk.io/vuln/SNYK-JS-PROPERTYEXPR-598800
Related Vulnerabilities
CVE-2014-0193 Vulnerability in maven package org.onosproject:onlab-stc
CVE-2023-6886 Vulnerability in maven package com.xnx3.wangmarket:wangmarket
CVE-2022-25644 Vulnerability in npm package @pendo324/get-process-by-name
CVE-2022-25883 Vulnerability in npm package semver
CVE-2021-43090 Vulnerability in maven package com.predic8:soa-model-parent