Joomla! Core is prone to a prototype pollution vulnerability. Exploiting this issue may allow attackers to add or modify existing properties of an "Object", when controlling part of it's structure. Joomla! Core versions 3.x.x ranging from 3.0.0 and up to and including 3.9.4 are vulnerable.
Update to Joomla! Core version 3.9.5 or latest