The package mathjs before 7.5.1 are vulnerable to Prototype Pollution via the deepExtend function that runs upon configuration updates.
{ "github_reviewed_at": "2021-04-21T19:47:53Z", "github_reviewed": true, "nvd_published_at": "2020-10-13T10:15:00Z", "cwe_ids": [ "CWE-915" ], "severity": "HIGH" }