This vulnerability affects all versions of package x-assign. The global proto object can be polluted using the proto object.