CVE-2020-28276

CVE-2020-28276 concerns the npm package deep-set , with vulnerable versions 1.0.0–1.0.1. The root cause is a prototype pollution flaw where the function deepSet() may assign to proto without validating object types, enabling an attacker to manipulate properties and potentially cause Denial of Ser...