wintercms/winter is vulnerable to prototype pollution. The vulnerability exists in the main Snowboard class as well as its plugin loader where an attacker can control the default values of an object’s properties. This allows the attacker to tamper with the logic of the application.
github.com/wintercms/winter/commit/2a13faf99972e84c9661258f16c4750fa99d29a1
github.com/wintercms/winter/commit/bce4b59584abf961e9400af3d7a4fd7638e26c7f
github.com/wintercms/winter/pull/687
github.com/wintercms/winter/releases/tag/v1.1.10
github.com/wintercms/winter/releases/tag/v1.2.1
github.com/wintercms/winter/security/advisories/GHSA-3fh5-q6fg-w28q