Injection Vulnerability
A prototype pollution vulnerability in node.extend allows an attacker to inject arbitrary properties onto Object.prototype.
Advisories for Npm/Node.extend package
2019
A prototype pollution vulnerability in node.extend allows an attacker to inject arbitrary properties onto Object.prototype.