Description
This affects all versions of package x-assign. The global proto object can be polluted using the __proto__ object.
Remediation
References
https://runkit.com/embed/sq8qjwemyn8t
https://snyk.io/vuln/SNYK-JS-XASSIGN-1759314
Related Vulnerabilities
CVE-2020-28452 Vulnerability in maven package com.softwaremill.akka-http-session:core_2.11
CVE-2019-10307 Vulnerability in maven package org.jvnet.hudson.plugins:analysis-core
CVE-2020-15252 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore
CVE-2016-11023 Vulnerability in maven package org.odata4j:odata4j-core