Description
The package nested-object-assign before 1.0.4 is vulnerable to Prototype Pollution via the default function, as demonstrated by running the PoC below.
Remediation
References
https://github.com/Geta/NestedObjectAssign/pull/11
https://snyk.io/vuln/SNYK-JS-NESTEDOBJECTASSIGN-1065977
Related Vulnerabilities
CVE-2020-26939 Vulnerability in maven package org.bouncycastle:bcprov-ext-jdk14
CVE-2022-23539 Vulnerability in npm package jsonwebtoken
CVE-2021-3820 Vulnerability in npm package i
CVE-2021-25933 Vulnerability in maven package org.opennms:opennms-webapp
CVE-2020-12265 Vulnerability in maven package org.webjars:decompress-tar