CVE-2019-18954
Pomelo v2.2.5 is affected by CVE-2019-18954, a prototype-pollution vulnerability where a malicious user input can overwrite internal attributes in template/game-server/app/servers/connector/handler/entryHandler.js, enabling external control of critical state data. The issue arises from conflictin...