@bit/loader is vulnerable to Prototype Pollution. The vulnerability is due to missing __proto__
property restrictions within the M function’s e argument in index.js, which allows an attacker to execute arbitrary code.
CPE | Name | Operator | Version |
---|---|---|---|
@bit/loader | le | 10.0.3 | |
@bit/loader | le | 10.0.3 |