Description
Prototype pollution vulnerability in json8-merge-patch npm package < 1.0.3 may allow attackers to inject or modify methods and properties of the global object constructor.
Remediation
References
https://hackerone.com/reports/980649
Related Vulnerabilities
CVE-2021-23771 Vulnerability in npm package argencoders-notevil
CVE-2021-26275 Vulnerability in npm package eslint-fixer
CVE-2023-46122 Vulnerability in maven package org.scala-sbt:io_2.12
CVE-2022-41940 Vulnerability in maven package org.webjars.npm:engine.io
CVE-2021-39149 Vulnerability in maven package com.thoughtworks.xstream:xstream