Description
minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload.
Remediation
References
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00024.html
https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
Related Vulnerabilities
CVE-2022-46175 Vulnerability in maven package org.webjars.npm:json5
CVE-2022-3978 Vulnerability in npm package nodebb
CVE-2020-2109 Vulnerability in maven package org.jenkins-ci.plugins.workflow:workflow-cps
CVE-2023-51079 Vulnerability in maven package org.mvel:mvel2
CVE-2022-0671 Vulnerability in maven package org.eclipse.lemminx:lemminx-parent