Versions of just-extend
before 4.0.0 are vulnerable to prototype pollution. Provided certain input just-extend
can add or modify properties of the Object
prototype. These properties will be present on all objects.
Update to version 4.0.0
or later.
{ "github_reviewed_at": "2020-06-16T21:18:13Z", "cwe_ids": [ "CWE-1321", "CWE-400" ], "nvd_published_at": null, "severity": "CRITICAL", "github_reviewed": true }