Unknown · @Aedart/Support · CVE-2023-30857
**Name of the Vulnerable Software and Affected Versions**
@aedart/support versions prior to 0.6.1
**Description**
The issue is a possible prototype pollution of the `MetadataRecord` when it is merged with a base class' metadata object in the `meta` decorator from the `@aedart/support` package. The likelihood of exploitation is questionable, because a class' metadata can only be set or altered when the class is decorated via `meta()`. Furthermore, objects of a sensitive nature would have to be stored as metadata before this could lead to a security impact.
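An added illustration of this class of bug, not code from `@aedart/support`: a recursive merge of a base class' metadata record that follows a `__proto__` key, next to a hardened merge. The helper names (`naiveMerge`, `safeMerge`, `compareMerges`) and the sample record are hypothetical and constructed for this example.

```javascript
// Added illustration: hypothetical helpers, not code from @aedart/support.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
const isRecord = (v) => v !== null && typeof v === 'object' && !Array.isArray(v);

// Weak form: a recursive merge that walks every own key of the source,
// so a "__proto__" key makes it descend into Object.prototype.
function naiveMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (isRecord(source[key])) {
      if (!isRecord(target[key])) target[key] = {};
      naiveMerge(target[key], source[key]);
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

// Hardened form: null-prototype result, blocked keys skipped, and nested
// records copied instead of shared with the base class' record.
function safeMerge(base, own) {
  const out = Object.create(null);
  for (const source of [base, own]) {
    for (const key of Object.keys(source)) {
      if (BLOCKED_KEYS.has(key)) continue;
      const value = source[key];
      out[key] = isRecord(value)
        ? safeMerge(isRecord(out[key]) ? out[key] : {}, value)
        : value;
    }
  }
  return out;
}

// Constructed sample: a base-class record carrying an own "__proto__" key,
// as it looks after JSON.parse of untrusted input.
function compareMerges() {
  const base = JSON.parse('{"role":"base","__proto__":{"polluted":true}}');
  const own = { role: 'child', tags: { audited: true } };

  naiveMerge({}, base);
  const naivePolluted = ({}).polluted === true;
  delete Object.prototype.polluted; // undo the weak merge's side effect

  const merged = safeMerge(base, own);
  const safePolluted = ({}).polluted === true;
  return { naivePolluted, safePolluted, merged };
}
```

`compareMerges()` reports whether a fresh, unrelated object picked up the `polluted` property after each merge, which is the observable sign that `Object.prototype` was modified.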
**Recommendations**
Update any version prior to 0.6.1 to version 0.6.1 to resolve the issue. As a temporary workaround, consider restricting the use of the `meta` decorator and limiting the storage of sensitive objects as metadata to minimize the risk of exploitation.