Description
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in backbone-query-parameters 0.4.0 allows a malicious user to inject properties into Object.prototype.
Remediation
References
https://github.com/BlackFan/client-side-prototype-pollution/blob/master/pp/backbone-qp.md
Related Vulnerabilities
CVE-2020-7627 Vulnerability in npm package node-key-sender
CVE-2020-15228 Vulnerability in npm package @actions/core
CVE-2020-7656 Vulnerability in maven package org.webjars.bower:jquery
CVE-2020-13956 Vulnerability in maven package org.apache.httpcomponents:httpclient
CVE-2018-1000863 Vulnerability in maven package org.jenkins-ci.main:jenkins-core