EPSS
Percentile
84.2%
property-expr is vulnerable to prototype pollution. An attacker is able to add and modify properties of Object.prototype using a proto payload.
proto
github.com/advisories/GHSA-6fw4-hr69-g3rv
github.com/jquense/expr/blob/v2.0.2/index.js#L47-L57
github.com/jquense/expr/commit/df846910915d59f711ce63c1f817815bceab5ff7
hackerone.com/reports/910206