mout is vulnerable to prototype pollution. An attacker is able to fill missing properties recursively via deepFillIn
and mixes objects into the target existing child objects object recursively using deepMixIn
as those functions do not validate the key to access the target object recursively.