Improper Input Validation
confinit is vulnerable to Prototype Pollution. The setDeepProperty function could be tricked into adding or modifying properties of Object.prototype using a proto payload.
Advisories for Npm/Confinit package
2020
confinit is vulnerable to Prototype Pollution. The setDeepProperty function could be tricked into adding or modifying properties of Object.prototype using a proto payload.