CWE-1321

This affects the package json-pointer before 0.6.1. Multiple reference of object using slash is supported.

All versions of package arr-flatten-unflatten are vulnerable to Prototype Pollution via the constructor.

All versions of package confucious are vulnerable to Prototype Pollution via the set function.

All versions of package deep-get-set are vulnerable to Prototype Pollution via the main function.

All versions of package deeps are vulnerable to Prototype Pollution via the set function.

All versions of package dot-notes are vulnerable to Prototype Pollution via the create function.