Description
Prototype pollution vulnerability in json8-merge-patch npm package < 1.0.3 may allow attackers to inject or modify methods and properties of the global object constructor.
Remediation
References
https://hackerone.com/reports/980649
Related Vulnerabilities
CVE-2023-30532 Vulnerability in maven package org.jenkinsci.plugins.spoonscript:spoonscript
CVE-2022-3224 Vulnerability in npm package parse-url
CVE-2023-46604 Vulnerability in maven package org.apache.activemq:activemq-client
CVE-2021-43570 Vulnerability in maven package com.starkbank.ellipticcurve:starkbank-ecdsa