Description
This affects all versions of package Proto. It is possible to inject pollute the object property of an application using Proto by leveraging the merge function.
Remediation
References
https://snyk.io/vuln/SNYK-JS-PROTO-1316301
https://www.npmjs.com/package/Proto
Related Vulnerabilities
CVE-2020-7769 Vulnerability in npm package nodemailer
CVE-2012-0393 Vulnerability in maven package org.apache.struts.xwork:xwork-core
CVE-2020-7746 Vulnerability in maven package org.webjars.bower:chart.js
CVE-2020-28196 Vulnerability in npm package node-krb5
CVE-2020-7773 Vulnerability in npm package markdown-it-highlightjs