
Frederick

#22024 of 53,622
10.6 Total CVSS
Vulnerabilities · 2
Medium: 2
PT-2026-49170
5.3
2026-06-15
Npm · Jsonata-Js · CVE-2026-12208
**Name of the Vulnerable Software and Affected Versions**
jsonata-js jsonata versions prior to 2.2.1

**Description**
A weakness in the Function Binding Frame System component allows for prototype pollution, which is the improperly controlled modification of object prototype attributes. This issue occurs within the `createFrame()` function located in the `src/jsonata.js` file and can be triggered remotely.

**Recommendations**
Update to a version later than 2.2.0. As a temporary workaround, restrict the use of the `createFrame()` function to minimize the risk of exploitation.

PT-2026-49171
5.3
2026-06-15
Rubylouvre · Avalon · CVE-2026-12209
**Name of the Vulnerable Software and Affected Versions**
RubyLouvre avalon versions prior to 2.2.11

**Description**
A flaw exists in the Template Filter Handler component within the file `src/filters/index.js`. An unknown function in this file allows for prototype pollution, which is the improperly controlled modification of object prototype attributes. This issue can be exploited remotely.

**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.