Description
A prototype pollution vulnerability was found in just-extend <4.0.0 that allows attack to inject properties onto Object.prototype through its functions.
Remediation
References
https://hackerone.com/reports/430291
Related Vulnerabilities
CVE-2020-6429 Vulnerability in maven package org.webjars.npm:electron
CVE-2020-15262 Vulnerability in npm package webpack-subresource-integrity
CVE-2022-45399 Vulnerability in maven package org.zeroturnaround:cluster-stats
CVE-2022-33891 Vulnerability in maven package org.apache.spark:spark-core_2.12
CVE-2020-7773 Vulnerability in npm package markdown-it-highlightjs