Prototype pollution vulnerability in json8-merge-patch npm package < 1.0.3 may allow attackers to inject or modify methods and properties of the global object constructor.
{
"github_reviewed_at": "2021-04-19T22:31:31Z",
"nvd_published_at": "2020-11-09T15:15:00Z",
"github_reviewed": true,
"cwe_ids": [
"CWE-1321",
"CWE-20",
"CWE-471"
],
"severity": "HIGH"
}