
Mestrteeo

#16684 of 53,634
16.1 Total CVSS
Vulnerabilities · 2
Medium: 1
Critical: 1
PT-2024-27072
9.8
2024-07-30
Unknown · Allpro Form-Manager · CVE-2024-36572
**Name of the Vulnerable Software and Affected Versions**

allpro form-manager version 0.7.4

**Description**

The issue allows attackers to run arbitrary code and cause other impacts. This is achieved via the functions `setDefaults`, `mergeBranch`, and `Object.setObjectValue`.

**Recommendations**

For allpro form-manager version 0.7.4, consider disabling the `setDefaults`, `mergeBranch`, and `Object.setObjectValue` functions until a patch is available to prevent potential exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2024-28303
6.3
2024-07-01
Unknown · Aofl Cli-Lib · CVE-2024-38987
**Name of the Vulnerable Software and Affected Versions**

aofl cli-lib version 3.14.0

**Description**

The issue allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties through a prototype pollution in the `defaultsDeep` component.

**Recommendations**

For aofl cli-lib version 3.14.0, consider restricting the use of the `defaultsDeep` component until a patch is available to prevent arbitrary code execution or Denial of Service (DoS) attacks.