component-flatten is vulnerable to prototype pollution. Lack of object validation allows an attacker to inject arbitrary Object properties which can potentially lead to execution of arbitrary code.
CPE | Name | Operator | Version |
---|---|---|---|
component-flatten | le | 1.0.1 |