Description
All versions of package js-data are vulnerable to Prototype Pollution via the deepFillIn and the set functions. This is an incomplete fix of [CVE-2020-28442](https://snyk.io/vuln/SNYK-JS-JSDATA-1023655).
Remediation
References
https://github.com/js-data/js-data/blob/master/dist/js-data.js%23L472
https://github.com/js-data/js-data/issues/576
https://github.com/js-data/js-data/issues/577
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2320790
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2320791
https://snyk.io/vuln/SNYK-JS-JSDATA-1584361
Related Vulnerabilities
CVE-2021-30109 Vulnerability in npm package froala-editor
CVE-2021-41184 Vulnerability in maven package org.webjars.bower:jquery-ui
CVE-2019-10440 Vulnerability in maven package org.jenkins-ci.plugins:neoload-jenkins-plugin
CVE-2021-22963 Vulnerability in npm package fastify-static
CVE-2017-18214 Vulnerability in maven package org.webjars.bowergithub.moment:moment