0.005 Low
EPSS
Percentile
76.9%
node-oojs is vulnerable to prototype pollution. The vulnerability exists as the setPath function does not restrict __proto__ headers to be set in objects.
setPath
__proto__
github.com/HoLyVieR/prototype-pollution-nsec18/blob/master/paper/JavaScript_prototype_pollution_attack_in_NodeJS.pdf