Description
The utilities function in all versions < 1.0.1 of the deap node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects.
Remediation
References
https://hackerone.com/reports/310446
Related Vulnerabilities
CVE-2022-25646 Vulnerability in npm package x-data-spreadsheet
CVE-2021-3777 Vulnerability in npm package tmpl
CVE-2021-32851 Vulnerability in npm package mind-elixir
CVE-2022-21144 Vulnerability in npm package libxmljs
CVE-2023-26477 Vulnerability in maven package org.xwiki.platform:xwiki-platform-flamingo-theme-ui