Name of the Vulnerable Software and Affected Versions json-logic-js versions prior to 2.0.0

Description The issue allows a malicious user to modify the prototype of Object through the method property name in the operation method. This can lead to modification of any existing property that will exist on all objects and result in Remote Code Execution. A specific rule can create a popup when run from a browser, demonstrating the potential for malicious actions.

Recommendations For versions prior to 2.0.0, update to version 2.0.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the method property name in the operation method to minimize the risk of exploitation.