Description
The package property-expr before 2.0.3 are vulnerable to Prototype Pollution via the setter function.
Remediation
References
https://github.com/jquense/expr/commit/df846910915d59f711ce63c1f817815bceab5ff7
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-598857
https://snyk.io/vuln/SNYK-JS-PROPERTYEXPR-598800
Related Vulnerabilities
CVE-2021-41164 Vulnerability in maven package org.webjars.npm:ckeditor4
CVE-2020-28500 Vulnerability in maven package org.webjars:lodash
CVE-2023-25805 Vulnerability in npm package versionn
CVE-2022-28220 Vulnerability in maven package org.apache.james.protocols:protocols-netty
CVE-2019-10759 Vulnerability in maven package org.webjars.npm:safer-eval