Description
deep-parse-json version 1.0.2 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the '__proto__' property to be edited.
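The flaw described above, sketched as an added example (not code from deep-parse-json or from the advisory): a recursive JSON parser that copies `__proto__` like any other key, beside a form that drops it. All function names and the sample input are assumptions constructed for illustration.

```javascript
// Added illustration; not the source code of deep-parse-json.
// deepParseUnsafe, deepParseSafe, SAMPLE and demo are hypothetical names.
// Vulnerable pattern: parse nested JSON strings and copy every key as-is.
function deepParseUnsafe(value) {
  if (typeof value === 'string') {
    try { return deepParseUnsafe(JSON.parse(value)); } catch { return value; }
  }
  if (Array.isArray(value)) return value.map(deepParseUnsafe);
  if (value !== null && typeof value === 'object') {
    const out = {};
    for (const key of Object.keys(value)) {
      // JSON.parse makes "__proto__" an own key; assigning it here calls the
      // inherited __proto__ setter and replaces the prototype of `out`.
      out[key] = deepParseUnsafe(value[key]);
    }
    return out;
  }
  return value;
}

// Keys commonly rejected together when guarding against prototype pollution.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Hardened form: same traversal, but forbidden keys are dropped.
function deepParseSafe(value) {
  if (typeof value === 'string') {
    try { return deepParseSafe(JSON.parse(value)); } catch { return value; }
  }
  if (Array.isArray(value)) return value.map(deepParseSafe);
  if (value !== null && typeof value === 'object') {
    const out = {};
    for (const key of Object.keys(value)) {
      if (FORBIDDEN_KEYS.has(key)) continue;
      out[key] = deepParseSafe(value[key]);
    }
    return out;
  }
  return value;
}

// Constructed sample: the "profile" string is itself JSON with a "__proto__" key.
const SAMPLE = JSON.stringify({ user: 'guest', profile: '{"__proto__": {"isAdmin": true}}' });

// Compare what each parser returns for the nested "profile" object.
function demo() {
  const unsafe = deepParseUnsafe(SAMPLE).profile;
  const safe = deepParseSafe(SAMPLE).profile;
  return { unsafeIsAdmin: unsafe.isAdmin, unsafeOwnKeys: Object.keys(unsafe).length, safeIsAdmin: safe.isAdmin };
}
console.log(demo());
```

In the unsafe result, `isAdmin` is inherited rather than an own property, so it does not show up in `Object.keys` or `JSON.stringify` output while still satisfying a check such as `if (profile.isAdmin)`.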
Remediation
References
https://fluidattacks.com/advisories/buuren/
https://github.com/sibu-github/deep-parse-json