Description
This affects all versions of package x-assign. The global proto object can be polluted using the __proto__ object.
Remediation
References
https://runkit.com/embed/sq8qjwemyn8t
https://snyk.io/vuln/SNYK-JS-XASSIGN-1759314
Related Vulnerabilities
CVE-2022-25962 Vulnerability in npm package vagrant.js
CVE-2023-37602 Vulnerability in maven package org.opencms:opencms-core
CVE-2021-23379 Vulnerability in npm package portkiller
CVE-2023-49371 Vulnerability in maven package com.ruoyi:ruoyi
CVE-2019-20921 Vulnerability in maven package org.webjars.bowergithub.thdoan:bootstrap-select