EPSS
Percentile
73.4%
defaults-deep is vulnerable to prototype pollution. Properties of the Object prototype can be added or modified via JSON.parse, causing a denial of service condition or possibly remote code execution depending on the application.
Object
JSON.parse
github.com/jonschlinkert/defaults-deep/issues/8
hackerone.com/reports/380878