rfc6902 is vulnerable to prototype pollution. The vulnerability exists because of missing sanitization in pointer.ts
, which allows an attacker to inject malicious characteristics to add new values to the application object prototype, overwriting or contaminating the base object.