Versions of the package bun before 1.1.30 are vulnerable to Prototype Pollution due to improper input sanitization. An attacker can exploit this vulnerability through Bun's APIs that accept objects.
{ "github_reviewed_at": "2024-12-18T16:56:06Z", "severity": "MODERATE", "cwe_ids": [ "CWE-1321" ], "github_reviewed": true, "nvd_published_at": "2024-12-18T06:15:23Z" }