Description
The package nested-object-assign before 1.0.4 is vulnerable to Prototype Pollution via the default function, as demonstrated by running the PoC below.
Remediation
Upgrade nested-object-assign to version 1.0.4 or later.
References
https://github.com/Geta/NestedObjectAssign/pull/11
https://snyk.io/vuln/SNYK-JS-NESTEDOBJECTASSIGN-1065977