The package bmoor before 0.10.1 are vulnerable to Prototype Pollution due to missing sanitization in set function. Note: This vulnerability derives from an incomplete fix in CVE-2020-7736