Description
This affects all versions of package @cookiex/deep. The global proto object can be polluted using the __proto__ object.
Remediation
References
https://github.com/tony-tsx/cookiex-deep/commit/b5bea2b7f34a5fa9abb4446cbd038ecdbcd09c88
https://github.com/tony-tsx/cookiex-deep/issues/1
https://snyk.io/vuln/SNYK-JS-COOKIEXDEEP-1582793
Related Vulnerabilities
CVE-2014-0120 Vulnerability in maven package io.hawt:hawtio-karaf-terminal
CVE-2022-33891 Vulnerability in maven package org.apache.spark:spark-core_2.13
CVE-2021-32624 Vulnerability in npm package keystone
CVE-2022-31018 Vulnerability in maven package com.typesafe.play:play_2.13
CVE-2021-3690 Vulnerability in maven package io.undertow:undertow-core