Description
minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload.
Remediation
References
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00024.html
https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
Related Vulnerabilities
CVE-2021-43307 Vulnerability in maven package org.webjars.npm:semver-regex
CVE-2019-16776 Vulnerability in npm package npm
CVE-2020-8137 Vulnerability in npm package fastify
CVE-2021-41183 Vulnerability in maven package org.webjars.bowergithub.jquery:jquery-ui
CVE-2019-12395 Vulnerability in maven package us.dynmap:dynmap