EPSS
Percentile
72.2%
comb is vulnerable to prototype pollution. The function deepMerge() allows an attacker to get control of value of “path” and modify attributes such as __proto__, constructor and prototype.
deepMerge()
__proto__
constructor
prototype
github.com/C2FO/comb/blob/aa60867911eaf396c3dec77832d9b62d2a9ace49/lib/base/object.js#L122