Prototype Pollution
dref is vulnerable to Prototype Pollution. The vulnerability is due to improper validation of user-supplied input in the lib.set function, which allows an attacker to inject malicious properties into the Object.prototype, leading to a potential denial of service DoS condition...