deep-parse-json is vulnerable to prototype pollution. The library improperly validates the incoming JSON keys, which allows a remote attacker to add new properties to an object through __proto__
attribute.
CPE | Name | Operator | Version |
---|---|---|---|
deep-parse-json | le | 1.0.2 | |
deep-parse-json | le | 1.0.2 |