Description
This affects the package open-graph before 0.2.6. The function parse could be tricked into adding or modifying properties of Object.prototype using a __proto__ or constructor payload.
Remediation
References
https://github.com/samholmes/node-open-graph/commit/a0cef507a90adaac7dbbe9c404f09a50bdefb348
https://snyk.io/vuln/SNYK-JS-OPENGRAPH-1536747
Related Vulnerabilities
CVE-2019-17195 Vulnerability in maven package com.nimbusds:nimbus-jose-jwt
CVE-2021-21353 Vulnerability in npm package pug
CVE-2022-45685 Vulnerability in maven package org.codehaus.jettison:jettison
CVE-2021-46365 Vulnerability in maven package info.magnolia:magnolia-core
CVE-2019-10742 Vulnerability in maven package org.webjars.bowergithub.axios:axios