Unknown · Velocityjs · CVE-2026-44966
**Name of the Vulnerable Software and Affected Versions**
Velocity.js versions prior to 2.1.6
**Description**
A prototype pollution issue exists during the processing of `#set` directives in templates. The engine accepts arbitrary path keys and performs assignments in the `/src/compile/set.ts` file using the logic `(baseRef as Record<string, unknown>)[key] = val`. Due to a lack of validation or filtering for sensitive keys such as `__proto__`, `constructor`, or `prototype`, an attacker can traverse the prototype chain and pollute the global `Object.prototype`. This can lead to Denial of Service (DoS) or Remote Code Execution (RCE) depending on the server environment.
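The unfiltered assignment described above, next to a hardened variant, as an added example that is not Velocity.js source code. `setPathUnsafe`, `setPathSafe`, `compareSetters` and the marker name are hypothetical, and the sketch assumes a `#set` path has already been split into an array of keys.

```typescript
// Added example: hypothetical helpers, not Velocity.js source code.
type Obj = Record<string, unknown>;

// Keys named in the advisory as reaching the prototype chain.
const BLOCKED_KEYS: readonly string[] = ["__proto__", "constructor", "prototype"];

// The unfiltered pattern: every path segment is trusted as a property name.
function setPathUnsafe(root: Obj, path: string[], val: unknown): void {
  let baseRef: unknown = root;
  for (const key of path.slice(0, -1)) {
    baseRef = (baseRef as Obj)[key];
  }
  const last = path[path.length - 1];
  if (last !== undefined) (baseRef as Obj)[last] = val;
}

// Hardened form: reject blocked keys and only walk own properties.
function setPathSafe(root: Obj, path: string[], val: unknown): boolean {
  if (path.length === 0) return false;
  if (path.some((k) => BLOCKED_KEYS.indexOf(k) !== -1)) return false;
  let baseRef: Obj = root;
  for (const key of path.slice(0, -1)) {
    if (!Object.prototype.hasOwnProperty.call(baseRef, key)) return false;
    const next = baseRef[key];
    if (typeof next !== "object" || next === null) return false;
    baseRef = next as Obj;
  }
  baseRef[path[path.length - 1] as string] = val;
  return true;
}

// Runs both setters against constructed paths and reports whether a fresh
// object inherits the marker property afterwards.
function compareSetters() {
  const marker = "pollutedMarker"; // constructed name
  const proto = Object.prototype as unknown as Obj;
  const inherited = (): boolean => ({} as Obj)[marker] !== undefined;

  setPathUnsafe({ user: {} }, ["user", "__proto__", marker], true);
  const unsafePolluted = inherited();
  delete proto[marker]; // restore the global prototype before continuing

  const rejected = !setPathSafe({ user: {} }, ["user", "__proto__", marker], true);
  const safePolluted = inherited();

  const ctx: Obj = { user: { name: "a" } };
  const normalOk = setPathSafe(ctx, ["user", "name"], "b") && (ctx["user"] as Obj)["name"] === "b";
  return { unsafePolluted, rejected, safePolluted, normalOk };
}
```

The own-property check in `setPathSafe` is a second layer: even if the blocklist missed a key, traversal would stop at any segment that is only inherited.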
**Recommendations**
Update to a version newer than 2.1.5.