CVE-2021-23561
CVE-2021-23561 affects the npm package comb, where the deepMerge() function enables Prototype Pollution. The vulnerability arises from unsafe recursive merge and path-based property assignment, allowing an attacker to modify Object.prototype properties (e.g., proto , constructor, prototype). Docu...