Description
All versions of package js-data are vulnerable to Prototype Pollution via the deepFillIn function.
Remediation
References
https://github.com/js-data/js-data/blob/master/src/utils.js%23L417
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1050978
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1050979
https://snyk.io/vuln/SNYK-JS-JSDATA-1023655
Related Vulnerabilities
CVE-2023-24789 Vulnerability in maven package org.jeecgframework.boot:jeecg-boot-parent
CVE-2022-22984 Vulnerability in npm package snyk-sbt-plugin
CVE-2021-22964 Vulnerability in npm package fastify-static
CVE-2023-48887 Vulnerability in maven package org.jupiter-rpc:jupiter-rpc
CVE-2022-41915 Vulnerability in maven package io.netty:netty-codec