CVE-2021-23432

This affects all versions of package mootools. This is due to the ability to pass untrusted input to Object.merge()