The package nested-object-assign before 1.0.4 are vulnerable to Prototype Pollution via the default function, as demonstrated by running the PoC below.
CPE | Name | Operator | Version |
---|---|---|---|
nestedobjectassign | eq | 1.0.2-pre | |
nestedobjectassign | eq | 1.0.1 | |
nestedobjectassign | eq | 1.0.2 | |
nestedobjectassign | eq | 1.0.3 |