Description
A prototype pollution vulnerability was found in node.extend <1.1.7, ~<2.0.1 that allows an attacker to inject arbitrary properties onto Object.prototype.
Remediation
References
https://hackerone.com/reports/430831
Related Vulnerabilities
CVE-2023-49620 Vulnerability in maven package org.apache.dolphinscheduler:dolphinscheduler-api
CVE-2020-7743 Vulnerability in npm package mathjs
CVE-2023-28709 Vulnerability in maven package org.apache.tomcat:tomcat-util
CVE-2020-28278 Vulnerability in maven package org.webjars.npm:shvl
CVE-2020-8203 Vulnerability in maven package org.webjars:lodash