EPSS
Percentile
61.7%
node-import is vulnerable to prototype pollution. The vulnerability exists due to a lack of sanitization in the index file “index.js”, allowing an attacker to modify and get control of the param attribute.
param
github.com/mahdaen/node-import/blob/master/index.js#23L79
github.com/mahdaen/node-import/blob/master/index.js%23L79