requirejs is vulnerable to Prototype Pollution. The vulnerability is due to missing prototype checks in the config
, s.contexts._.configure
, and parse
functions, which allows an attackers to modify the built-in Object.prototype
by passing arguments containing the special __proto__
key, which results in behavior modifications of the library.