safe-flat is vulnerable to prototype pollution. An attacker is able to exploit the vulnerability to inject arbitrary properties into existing construct prototypes and modify attributes such as __proto__
, constructor
and prototype
via the unflatten
function.