CVE-2022-26260

Simple-Plist v1.3.0 was discovered to contain a prototype pollution vulnerability via .parse().