simple-plist is vulnerable to prototype pollution. The vulnerability exists because the validations are not handled properly which allows an attacker to inject properties into existing construct prototypes and modify attributes via .parse()
function.
CPE | Name | Operator | Version |
---|---|---|---|
simple-plist | eq | 1.3.0 | |
simple-plist | eq | 1.3.0 |