Prototype Pollution
The package nested-object-assign is vulnerable to Prototype Pollution via the default function, as demonstrated by running the PoC below.
Advisories for Npm/Nested-Object-Assign package
2021
The package nested-object-assign is vulnerable to Prototype Pollution via the default function, as demonstrated by running the PoC below.