Description
All versions of package js-data are vulnerable to Prototype Pollution via the deepFillIn function.
Remediation
References
https://github.com/js-data/js-data/blob/master/src/utils.js%23L417
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1050978
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1050979
https://snyk.io/vuln/SNYK-JS-JSDATA-1023655
Related Vulnerabilities
CVE-2022-37199 Vulnerability in maven package com.jflyfox:jflyfox_jfinal
CVE-2021-43821 Vulnerability in maven package org.opencastproject:opencast-ingest-service-impl
CVE-2022-36912 Vulnerability in maven package org.jenkins-ci.plugins:openstack-heat
CVE-2021-21625 Vulnerability in maven package org.jenkins-ci.plugins:aws-credentials
CVE-2022-31192 Vulnerability in maven package org.dspace:dspace-jspui