Description
This affects all versions of package mootools. This is due to the ability to pass untrusted input to Object.merge()
Remediation
References
https://snyk.io/vuln/SNYK-JS-MOOTOOLS-1325536
Related Vulnerabilities
CVE-2022-28157 Vulnerability in maven package com.surenpi.jenkins:phoenix-autotest
CVE-2020-16041 Vulnerability in maven package org.webjars.npm:electron
CVE-2019-19040 Vulnerability in maven package org.kairosdb:kairosdb
CVE-2022-23913 Vulnerability in maven package org.apache.activemq:artemis-commons
CVE-2022-28220 Vulnerability in maven package org.apache.james:james-server-protocols-managesieve