Description
A prototype pollution vulnerability was found in defaults-deep <=0.2.4 that would allow a malicious user to inject properties onto Object.prototype.
Remediation
References
https://hackerone.com/reports/380878
Related Vulnerabilities
CVE-2020-8127 Vulnerability in maven package org.webjars:reveal.js
CVE-2022-41376 Vulnerability in npm package metro4
CVE-2021-4245 Vulnerability in maven package org.webjars.npm:rfc6902
CVE-2022-24728 Vulnerability in maven package org.webjars.npm:ckeditor4
CVE-2019-20363 Vulnerability in maven package org.igniterealtime.openfire:xmppserver