Description
A prototype pollution vulnerability was found in defaults-deep <=0.2.4 that would allow a malicious user to inject properties onto Object.prototype.
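The class of bug described above, as an added example that is not defaults-deep's own code: a generic recursive defaults merge written for illustration, a hardened version beside it, and a regression check that can be pointed at any merge function. The names `naiveDefaults`, `safeDefaults`, `pollutes` and `pollutedMarker` and the sample input are assumptions made for this example.

```javascript
// Added illustration; hypothetical helpers, not the defaults-deep source.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
const isPlainObject = (v) => v !== null && typeof v === 'object' && !Array.isArray(v);

// Naive recursive defaults: fills keys missing from target using source.
// target['__proto__'] resolves to Object.prototype, so the recursion
// ends up writing attacker-chosen keys onto the shared prototype.
function naiveDefaults(target, source) {
  for (const key in source) {
    if (isPlainObject(source[key]) && isPlainObject(target[key])) {
      naiveDefaults(target[key], source[key]);
    } else if (target[key] === undefined) {
      target[key] = source[key];
    }
  }
  return target;
}

// Hardened form: own keys only, blocked keys skipped, and recursion only
// into properties the target itself owns (never inherited ones).
function safeDefaults(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const value = source[key];
    const hasOwn = Object.prototype.hasOwnProperty.call(target, key);
    if (isPlainObject(value) && hasOwn && isPlainObject(target[key])) {
      safeDefaults(target[key], value);
    } else if (!hasOwn) {
      // Copy nested objects through the same filter instead of aliasing them.
      target[key] = isPlainObject(value) ? safeDefaults({}, value) : value;
    }
  }
  return target;
}

// Regression check: true if mergeFn lets untrusted input reach Object.prototype.
function pollutes(mergeFn) {
  const marker = 'pollutedMarker'; // constructed property name
  // Constructed input: JSON.parse makes "__proto__" an ordinary own key.
  const untrusted = JSON.parse('{"__proto__": {"pollutedMarker": true}, "port": 8080}');
  try {
    mergeFn({}, untrusted);
    return Object.prototype.hasOwnProperty.call(Object.prototype, marker);
  } finally {
    delete Object.prototype[marker]; // leave the runtime clean for other code
  }
}
```

Passing a project's own merge helper to `pollutes` in a unit test turns the check into a guard against regressions after a dependency upgrade.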
Remediation
References
https://hackerone.com/reports/380878