PT-2021-17969 · Npm · Node.Js Mixme

Cyber-Dude1 · Published 2021-05-03 · Updated 2024-02-14 · CVE-2021-28860

CVSS v3.1: 9.1 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Node.js mixme versions prior to 0.5.1
Description: The issue allows an attacker to add or alter properties of an object via __proto__ through the mutate() and merge() functions. The polluted attribute will be directly assigned to every object in the program, putting the availability of the program at risk and causing a potential denial of service (DoS).
Recommendations: For versions prior to 0.5.1, update to version 0.5.1 or later to resolve the issue. As a temporary workaround, consider disabling the mutate() and merge() functions until a patch is available.
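
The class of bug described above, as an added example (not mixme's code and not part of the original advisory): a generic recursive merge that follows a __proto__ key, beside a hardened one that skips it. The function names, the blocked-key list and the sample input are assumptions constructed for illustration.

```javascript
// Added illustration: generic recursive merges, NOT mixme's source code.
const isObj = (v) => v !== null && typeof v === 'object' && !Array.isArray(v);

// Before: walks every own key of the source, including "__proto__".
function naiveMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (isObj(source[key])) {
      if (!isObj(target[key])) target[key] = {};
      naiveMerge(target[key], source[key]); // target["__proto__"] is Object.prototype
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

// After: refuses prototype-related keys and only descends into own properties.
const BLOCKED = new Set(['__proto__', 'constructor', 'prototype']);
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED.has(key)) continue;
    const val = source[key];
    if (isObj(val)) {
      const own = Object.prototype.hasOwnProperty.call(target, key) && isObj(target[key]);
      target[key] = safeMerge(own ? target[key] : {}, val);
    } else {
      target[key] = val;
    }
  }
  return target;
}

function demo() {
  // Constructed input: JSON.parse makes "__proto__" an own, enumerable key.
  const input = JSON.parse('{"name":"svc","__proto__":{"polluted":true}}');
  const safeOut = safeMerge({}, input);
  const afterSafe = ({}).polluted;   // unrelated object is unaffected
  naiveMerge({}, input);
  const afterNaive = ({}).polluted;  // every object now inherits the attribute
  delete Object.prototype.polluted;  // restore the shared prototype
  return { safeOut, afterSafe, afterNaive };
}

console.log(demo());
```

A quick regression check after upgrading is to merge a parsed payload containing a __proto__ key and confirm that a freshly created empty object has not gained the property.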

Fix

Prototype Pollution

Weakness Enumeration

Related Identifiers

CVE-2021-28860
GHSA-79JW-6WG7-R9G4
GHSA-R5CQ-9537-9RPF

Affected Products

Node.Js Mixme