Prototype Pollution

kibana is vulnerable to prototype pollution. The vulnerability exists due to an improper use of Object.keys, allowing an authenticated user with Kibana index writing privilege to overwrite Object.prototype and execute malicious code with the permissions of the Kibana process on the host...

Prototype Pollution

assign-deep is vulnerable to prototype pollution. It does not validate the Object.keys before assigning it to the target object, therefore allowing an attacker to inject properties and objects into existing construct prototype...