Description
rdf-graph-array through 0.3.0-rc6 manipulation of JavaScript objects resutling in Prototype Pollution. The rdf.Graph.prototype.add method could be tricked into adding or modifying properties of Object.prototype.
Remediation
References
https://github.com/rdf-ext-archive/rdf-graph-array/blob/master/index.js#L211
https://snyk.io/vuln/SNYK-JS-RDFGRAPHARRAY-551803
Related Vulnerabilities
CVE-2023-46654 Vulnerability in maven package org.jenkins-ci.plugins:electricflow
CVE-2022-28355 Vulnerability in maven package org.scala-js:scalajs-library_2.12
CVE-2021-28165 Vulnerability in maven package org.eclipse.jetty:jetty-io
CVE-2021-45029 Vulnerability in maven package org.apache.shenyu:shenyu-common
CVE-2022-31044 Vulnerability in maven package org.rundeck:rundeck