Description
confinit through 0.3.0 is vulnerable to Prototype Pollution.The 'setDeepProperty' function could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload.
Remediation
References
https://github.com/davideicardi/confinit/commit/a34e06ca5c1c8b047ef112ef188b2fe30d2a1eab
https://snyk.io/vuln/SNYK-JS-CONFINIT-564433
Related Vulnerabilities
CVE-2022-41937 Vulnerability in maven package org.xwiki.platform:xwiki-platform-filter-ui
CVE-2022-21671 Vulnerability in npm package @replit/crosis
CVE-2019-15479 Vulnerability in npm package status-board
CVE-2020-14195 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind
CVE-2011-5064 Vulnerability in maven package tomcat:catalina