The package madlib-object-utils before version 0.1.8 is vulnerable to Prototype Pollution via the setValue
method, as it allows an attacker to merge object prototypes into it. Note: This vulnerability derives from an incomplete fix of CVE-2020-7701
{ "nvd_published_at": "2022-04-15T20:15:00Z", "severity": "HIGH", "github_reviewed_at": "2022-04-22T20:50:33Z", "github_reviewed": true, "cwe_ids": [ "CWE-1321" ] }