Hayageek

**Name of the Vulnerable Software and Affected Versions** Maker.js versions up to and including 0.19.1 **Description** Maker.js is a 2D vector line drawing and shape modeling library for CNC and laser cutters. The `makerjs.extendObject` function copies properties from source objects without proper validation. Specifically, the function lacks `hasOwnProperty()` checks and does not filter dangerous keys, allowing inherited and potentially malicious properties to be copied to target objects. This can expose applications to security risks. **Recommendations** Update to a version later than 0.19.1, such as version 0.19.2, which includes a fix available in commit 85e0f12bd868974b891601a141974f929dec36b8.