CVE-2022-25645
The CVE concerns the Node.js npm package and npm module dset. Affected: dset versions prior to 3.1.2. Root cause: a Prototype Pollution flaw in the dset/merge mode, where the code validates top-level paths for proto , constructor, or prototype but can be bypassed by crafting a malicious object. I...