The package madlib-object-utils before version 0.1.8 is vulnerable to Prototype Pollution via the setValue
method, as it allows an attacker to merge object prototypes into it. Note: This vulnerability derives from an incomplete fix of CVE-2020-7701
もっと詳しく