Description
The package property-expr before 2.0.3 are vulnerable to Prototype Pollution via the setter function.
Remediation
References
https://snyk.io/vuln/SNYK-JS-PROPERTYEXPR-598800
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-598857
https://github.com/jquense/expr/commit/df846910915d59f711ce63c1f817815bceab5ff7
Related Vulnerabilities
CVE-2022-28355 Vulnerability in maven package org.scala-js:scalajs-library_2.12
CVE-2021-23463 Vulnerability in maven package com.h2database:h2
CVE-2021-23344 Vulnerability in npm package total.js
CVE-2022-36313 Vulnerability in maven package org.webjars.npm:file-type
CVE-2020-7743 Vulnerability in maven package org.webjars.npm:mathjs