Description
This affects all versions of package mootools. This is due to the ability to pass untrusted input to Object.merge()
Remediation
References
https://snyk.io/vuln/SNYK-JS-MOOTOOLS-1325536
Related Vulnerabilities
CVE-2023-0674 Vulnerability in maven package com.xuxueli:xxl-job-core
CVE-2018-1335 Vulnerability in maven package org.apache.tika:tika-server
CVE-2018-1000614 Vulnerability in maven package org.onosproject:onos-netconf-provider-alarm
CVE-2021-44906 Vulnerability in maven package org.webjars.bowergithub.substack:minimist
CVE-2022-36895 Vulnerability in maven package com.compuware.jenkins:compuware-topaz-utilities