Nerdjs

**Name of the Vulnerable Software and Affected Versions** grpc versions prior to 1.24.4 @grpc/grpc-js versions prior to 1.1.8 **Description** The issue concerns Prototype Pollution via loadPackageDefinition. This affects the grpc and @grpc/grpc-js packages. **Recommendations** For grpc versions prior to 1.24.4, update to version 1.24.4 or later. For @grpc/grpc-js versions prior to 1.1.8, update to version 1.1.8 or later.

**Name of the Vulnerable Software and Affected Versions** bmoor versions prior to 0.8.12 **Description** The issue concerns Prototype Pollution via the `set` function. **Recommendations** For versions prior to 0.8.12, update to version 0.8.12 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** safetydance versions all **Description** The issue concerns Prototype Pollution via the `set` function. This affects all versions of the package, allowing for potential manipulation of object properties. **Recommendations** For all versions, consider disabling the `set` function as a temporary workaround until a patch is available. Restrict access to the `set` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** node-forge versions prior to 0.10.0 **Description** The issue is related to Prototype Pollution via the `util.setPath` function. This can allow a remote attacker to implement a prototype pollution attack by modifying object attributes uncontrollably. **Recommendations** For versions prior to 0.10.0, update to version 0.10.0 or later, as it removes the vulnerable functions, providing a fix for the issue.

**Name of the Vulnerable Software and Affected Versions** locutus versions prior to 2.0.12 **Description** The issue concerns Prototype Pollution via the `php.strings.parse str` function. This affects the locutus package, allowing for potential manipulation of objects. **Recommendations** For versions prior to 2.0.12, update to version 2.0.12 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** node-oojs versions prior to 1.4.1 **Description** The issue concerns Prototype Pollution via the `setPath` function. This allows for potential manipulation of object properties, which could lead to various security issues. **Recommendations** For versions prior to 1.4.1, update to version 1.4.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `setPath` function until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** nodee-utils versions prior to 1.2.3 **Description** The issue concerns Prototype Pollution via the `deepSet` function. This allows for potential manipulation of object properties, which can lead to various security issues. **Recommendations** For versions prior to 1.2.3, update to version 1.2.3 or later to resolve the issue. As a temporary workaround, consider disabling the `deepSet` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** promisehelpers versions prior to 0.0.6 **Description** The issue concerns Prototype Pollution via the `insert` function. This allows for potential manipulation of object properties. **Recommendations** For versions prior to 0.0.6, update to version 0.0.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** tiny-conf versions prior to 1.1.1 is not mentioned, however, all versions up to and including 1.1.0 are vulnerable, so: tiny-conf versions up to and including 1.1.0 **Description** The issue is related to Prototype Pollution via the `set` function. **Recommendations** For versions up to and including 1.1.0, consider disabling the `set` function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** worksmith versions prior to 1.0.1 **Description** The issue concerns Prototype Pollution via the `setValue` function. This affects all versions up to and including 1.0.0 of the worksmith package. **Recommendations** For versions prior to 1.0.1, update to version 1.0.1 or later to resolve the issue. As a temporary workaround, consider disabling the `setValue` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** safe-object2 versions (affected versions not specified) **Description** The issue concerns Prototype Pollution via the `setter` function. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** gedi versions prior to 1.6.4 **Description** The issue concerns Prototype Pollution via the `set` function. This allows for potential manipulation of object properties, which can lead to various security issues. **Recommendations** For versions prior to 1.6.4, update to version 1.6.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `set` function until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** arr-flatten-unflatten versions up to and including 1.1.4 **Description** The issue concerns Prototype Pollution via the constructor. This means that an attacker could potentially manipulate the prototype of an object, leading to unintended behavior or security breaches. **Recommendations** For versions up to and including 1.1.4, consider avoiding the use of the vulnerable constructor until a patch is available. As a temporary workaround, restrict the use of the arr-flatten-unflatten package to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** confucious versions prior to 0.0.13 **Description** The issue concerns Prototype Pollution via the `set` function. This allows for potential manipulation of object properties, which can lead to various security issues. **Recommendations** For versions prior to 0.0.13, update to version 0.0.13 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `set` function until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** deep-get-set versions prior to 1.1.1 **Description** The issue concerns Prototype Pollution via the main function. **Recommendations** For versions prior to 1.1.1, update to version 1.1.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** deeps versions prior to 1.4.6 **Description** The issue concerns Prototype Pollution via the `set` function. This allows for potential manipulation of object properties, which could lead to various security issues. **Recommendations** For versions prior to 1.4.6, update to version 1.4.6 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `set` function until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** dot-notes versions prior to 3.2.1 **Description** The issue concerns Prototype Pollution via the `create` function. This allows for potential manipulation of object properties. **Recommendations** For versions prior to 3.2.1, update to version 3.2.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** gammautils versions prior to 0.0.82 **Description** The issue concerns Prototype Pollution via the `deepSet` and `deepMerge` functions. **Recommendations** For versions prior to 0.0.82, update to version 0.0.82 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** connie-lang versions prior to 0.1.1 **Description** The issue concerns Prototype Pollution in the configuration language library used by connie-lang. **Recommendations** For versions prior to 0.1.1, update to version 0.1.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** property-expr versions prior to 2.0.3 **Description** The issue is related to Prototype Pollution via the setter function. It may allow a remote attacker to perform a prototype pollution attack by exploiting uncontrolled modification of object prototype attributes. **Recommendations** For property-expr versions prior to 2.0.3, update to version 2.0.3 or later to resolve the issue.