Hughsk

**Name of the Vulnerable Software and Affected Versions** hughsk flat versions up to 5.0.0 **Description** A critical vulnerability was found in hughsk flat, affecting the function `unflatten` of the file index.js. The manipulation leads to improperly controlled modification of object prototype attributes, known as 'prototype pollution'. It is possible to initiate the attack remotely. **Recommendations** For versions up to 5.0.0, upgrade to version 5.0.1 to address this issue. As a temporary workaround, consider disabling the `unflatten` function until a patch is available.