Description
This affects all versions of package Proto. It is possible to inject pollute the object property of an application using Proto by leveraging the merge function.
Remediation
References
https://snyk.io/vuln/SNYK-JS-PROTO-1316301
https://www.npmjs.com/package/Proto
Related Vulnerabilities
CVE-2021-43116 Vulnerability in maven package com.alibaba.nacos:nacos-client
CVE-2022-36901 Vulnerability in maven package org.jenkins-ci.plugins:http_request
CVE-2020-11023 Vulnerability in maven package org.webjars.bower:jquery
CVE-2022-41401 Vulnerability in maven package org.openrefine:main
CVE-2020-28168 Vulnerability in maven package org.webjars.bower:axios