Description
All versions of package js-data are vulnerable to Prototype Pollution via the deepFillIn and the set functions. This is an incomplete fix of [CVE-2020-28442](https://snyk.io/vuln/SNYK-JS-JSDATA-1023655).
Remediation
References
https://github.com/js-data/js-data/blob/master/dist/js-data.js%23L472
https://github.com/js-data/js-data/issues/576
https://github.com/js-data/js-data/issues/577
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2320790
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2320791
https://snyk.io/vuln/SNYK-JS-JSDATA-1584361
Related Vulnerabilities
CVE-2020-12827 Vulnerability in maven package org.webjars.npm:mjml
CVE-2023-5571 Vulnerability in npm package @vrite/sdk
CVE-2017-16206 Vulnerability in npm package cofee-script
CVE-2017-16174 Vulnerability in npm package whispercast
CVE-2018-10237 Vulnerability in maven package com.google.guava:guava