0.004 Low
EPSS
Percentile
73.0%
fun-map is vulnerable to prototype pollution. An attacker is able to inject and modify properties of Object.prototype using a __proto__ payload in the function assocInM, potentially alowing the execution of arbitrary code.
Object.prototype
__proto__
assocInM
github.com/nathan7/fun-map/blob/master/index.js#L137,
github.com/nathan7/fun-map/blob/v3.3.1/index.js#L137-L150