0.005 Low
EPSS
Percentile
77.0%
tiny-conf is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes such as __proto__, constructor and prototype.
__proto__
constructor
prototype
github.com/advisories/GHSA-4q97-fh3f-j294
github.com/tiny-conf/tiny-conf/blob/1.1.0/tiny-conf.js#L46-L75