PT-2021-24389 · Unknown · Think-Config

Published: 2021-08-03 · Updated: 2021-08-03

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: think-config versions prior to 1.1.3
Description: The software does not properly control modifications of attributes of the object prototype when receiving input from an upstream component. This issue corresponds to prototype pollution, where an attacker can modify the prototype of an object so that injected properties are inherited by other objects, potentially leading to security vulnerabilities.
Recommendations: For think-config versions prior to 1.1.3, upgrade to version 1.1.3 or later to resolve the issue. As a temporary workaround, restrict access to the vulnerable think-config module to minimize the risk of exploitation.
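The weakness described above, as an added example that is not think-config's own code: a naive recursive config merge that walks into a `__proto__` key taken from parsed JSON, beside a hardened merge that skips prototype-affecting keys and only copies own properties. The function names and the constructed config input are assumptions.

```javascript
// Constructed example; not think-config's code.
const UNSAFE_KEYS = new Set(["__proto__", "constructor", "prototype"]);

function isPlainObject(v) {
  return v !== null && typeof v === "object" && !Array.isArray(v);
}

// Vulnerable pattern: every key in `src`, including "__proto__", is recursed
// into, so target["__proto__"] resolves to Object.prototype and gets written.
function naiveMerge(target, src) {
  for (const key in src) {
    if (isPlainObject(src[key])) {
      if (!isPlainObject(target[key])) target[key] = {};
      naiveMerge(target[key], src[key]);
    } else {
      target[key] = src[key];
    }
  }
  return target;
}

// Hardened: copy only own keys, skip the three prototype-affecting names, and
// never recurse through a property the target merely inherits.
function safeMerge(target, src) {
  for (const key of Object.keys(src)) {
    if (UNSAFE_KEYS.has(key)) continue;
    const own = Object.prototype.hasOwnProperty.call(target, key) ? target[key] : undefined;
    if (isPlainObject(src[key])) {
      const next = isPlainObject(own) ? own : {};
      target[key] = safeMerge(next, src[key]);
    } else {
      target[key] = src[key];
    }
  }
  return target;
}

// Runs one merge on a constructed, attacker-shaped config and reports whether
// an unrelated object gained the injected property. Cleans up afterwards.
function pollutes(mergeFn) {
  const hostile = JSON.parse('{"__proto__": {"isAdmin": true}}');
  try {
    mergeFn({}, hostile);
    return ({}).isAdmin === true;
  } finally {
    delete Object.prototype.isAdmin;
  }
}
```

`pollutes(naiveMerge)` returns true and `pollutes(safeMerge)` returns false; the check in `safeMerge` is the kind of control the description says the affected versions lack.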

Fix

Prototype Pollution


Weakness Enumeration

Related Identifiers

GHSA-6CJ2-92M5-7MVP

Affected Products

Think-Config