Unknown · Expand-Object · CVE-2025-3197
**Name of the Vulnerable Software and Affected Versions**
expand-object versions 0.0.0 and later
**Description**
The issue is a Prototype Pollution flaw in the `expand()` function in index.js. The function expands a given string into a nested object, but it does not check the supplied keys for sensitive property names such as `__proto__`, so a nested property can be set on the prototype rather than on the target object. An attacker who controls the input string can exploit this.
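The check the description says is missing, as an added example that is not expand-object's own code: a small string-to-object expander that refuses keys which would walk onto the prototype. The `a.b.c:value|d:other` syntax and all names (`safeExpand`, `setPath`, `FORBIDDEN_KEYS`) are assumptions for illustration, not the library's parser.

```javascript
// Added example, not expand-object's code. Assumed syntax (constructed):
// "a.b.c:value|d:other" -> { a: { b: { c: 'value' } }, d: 'other' }.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Split a "key.path:value" segment on the first ':' only.
function splitPair(segment) {
  const i = segment.indexOf(':');
  return i === -1 ? [segment, ''] : [segment.slice(0, i), segment.slice(i + 1)];
}

// Assign value at path on target, rejecting any key that resolves to the
// prototype chain instead of to a plain data object.
function setPath(target, path, value) {
  let node = target;
  for (let i = 0; i < path.length; i++) {
    const key = path[i];
    if (FORBIDDEN_KEYS.has(key)) {
      throw new Error(`refusing unsafe key "${key}" in path ${path.join('.')}`);
    }
    if (i === path.length - 1) {
      node[key] = value;
      return;
    }
    // Descend only into own plain-object children; an inherited or
    // non-object value is replaced with a fresh object.
    if (!Object.prototype.hasOwnProperty.call(node, key) ||
        typeof node[key] !== 'object' || node[key] === null) {
      node[key] = {};
    }
    node = node[key];
  }
}

function safeExpand(str) {
  const result = {};
  for (const segment of str.split('|')) {
    if (segment === '') continue;
    const [keyPath, value] = splitPair(segment);
    setPath(result, keyPath.split('.'), value);
  }
  return result;
}

// Defensive self-check: a plain assignment onto Object.prototype would add
// an enumerable key, so a clean prototype has none.
function prototypeIsClean() {
  return Object.keys(Object.prototype).length === 0;
}

console.log(JSON.stringify(safeExpand('a.b.c:value|d:other')));
```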
**Recommendations**
For versions 0.0.0 and later of expand-object, consider disabling the `expand()` function in index.js until a patch is available, to prevent potential exploitation. Reject or restrict sensitive keys such as `__proto__` to minimize the risk of Prototype Pollution.