Description
Prototype pollution vulnerability in json8-merge-patch npm package < 1.0.3 may allow attackers to inject or modify methods and properties of the global object constructor.
Remediation
References
https://hackerone.com/reports/980649
Related Vulnerabilities
CVE-2023-49620 Vulnerability in maven package org.apache.dolphinscheduler:dolphinscheduler-service
CVE-2023-36542 Vulnerability in maven package org.apache.nifi:nifi-dbcp-service
CVE-2020-28499 Vulnerability in maven package org.webjars.npm:merge
CVE-2017-16138 Vulnerability in maven package org.webjars:mime
CVE-2023-40339 Vulnerability in maven package org.jenkins-ci.plugins:config-file-provider