Description
This affects all versions of package grunt-util-property. The function call could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload.
Remediation
References
https://github.com/mikaelkaron/grunt-util-property/blob/master/main.js%23L41
https://security.snyk.io/vuln/SNYK-JS-GRUNTUTILPROPERTY-565088
Related Vulnerabilities
CVE-2019-1003087 Vulnerability in maven package org.jenkins-ci.plugins:sinatra-chef-builder
CVE-2020-2222 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2020-6532 Vulnerability in npm package electron
CVE-2017-16085 Vulnerability in npm package tinyserver2
CVE-2022-4565 Vulnerability in maven package cn.hutool:hutool-core