Description
Flaw in input validation in npm package utils-extend version 1.0.8 and earlier may allow prototype pollution attack that may result in remote code execution or denial of service of applications using utils-extend.
Remediation
References
https://hackerone.com/reports/801522
Related Vulnerabilities
CVE-2021-46440 Vulnerability in npm package strapi
CVE-2020-28496 Vulnerability in maven package org.webjars.npm:three
CVE-2020-35476 Vulnerability in maven package net.opentsdb:opentsdb
CVE-2021-4305 Vulnerability in npm package robots-txt-guard
CVE-2022-24697 Vulnerability in maven package org.apache.kylin:kylin-spark-engine