Description
assign-deep node module before 0.4.7 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.
Remediation
References
https://github.com/jonschlinkert/assign-deep/commit/19953a8c089b0328c470acaaaf6accdfcb34da11
https://hackerone.com/reports/310707
Related Vulnerabilities
CVE-2022-1243 Vulnerability in npm package urijs
CVE-2022-31198 Vulnerability in maven package org.webjars.npm:openzeppelin__contracts
CVE-2020-28267 Vulnerability in npm package @strikeentco/set
CVE-2022-4375 Vulnerability in maven package net.mingsoft:ms-mcms
CVE-2022-39263 Vulnerability in npm package @next-auth/upstash-redis-adapter