properties-reader is vulnerable to prototype pollution. The vulnerability exists in the PropertiesReader.prototype.set
function in properties-reader.js
, allowing a malicious user to inject properties into existing construct prototypes and modify attributes such as __proto__
, constructor
, and prototype
.