PT-2022-9026 · Unknown · Hughsk Flat

Hughsk · Published 2022-12-25 · Updated 2024-05-17 · CVE-2020-36632

CVSS v3.1: 6.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions: hughsk flat versions up to 5.0.0

Description: A critical vulnerability was found in hughsk flat, affecting the function unflatten of the file index.js. The manipulation leads to improperly controlled modification of object prototype attributes, known as 'prototype pollution'. It is possible to initiate the attack remotely.

Recommendations: For versions up to 5.0.0, upgrade to version 5.0.1 to address this issue. As a temporary workaround, consider disabling the unflatten function until a patch is available.
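
Where unflatten cannot be disabled outright, input can be screened before it reaches the function. The guard below is an added example, not code from the flat project or from this advisory; the function names, the blocked-segment list and the sample inputs are assumptions made for illustration.

```javascript
// Added example: pre-validation guard for data passed to an unflatten-style function.
// BLOCKED_SEGMENTS and both function names are assumptions of this example.
const BLOCKED_SEGMENTS = new Set(['__proto__', 'constructor', 'prototype']);

// Return every key path whose delimiter-separated segments name a prototype
// attribute. Nested objects and arrays are walked as well, because dotted keys
// may be expanded at any depth of the input.
function findPollutingKeys(input, delimiter = '.', path = []) {
  const hits = [];
  if (input === null || typeof input !== 'object') return hits;
  for (const key of Object.keys(input)) {
    const here = path.concat(key);
    if (key.split(delimiter).some((seg) => BLOCKED_SEGMENTS.has(seg))) {
      hits.push(here.join(' > '));
      continue; // do not descend into a rejected branch
    }
    hits.push(...findPollutingKeys(input[key], delimiter, here));
  }
  return hits;
}

// Throw before the data reaches unflatten; return the input unchanged if clean.
function assertSafeToUnflatten(input, delimiter = '.') {
  const hits = findPollutingKeys(input, delimiter);
  if (hits.length > 0) {
    throw new Error('rejected keys: ' + hits.join(', '));
  }
  return input;
}

// Constructed sample inputs. JSON.parse stores "__proto__" as an own property,
// so Object.keys reports it like any other key.
const clean = JSON.parse('{"user.name":"alice","user.roles.0":"admin"}');
const dotted = JSON.parse('{"user.name":"alice","__proto__.flag":true}');
const nested = JSON.parse('{"settings":{"a.constructor.prototype.flag":1}}');
const custom = JSON.parse('{"a/__proto__/flag":1}');

console.log(findPollutingKeys(clean));
console.log(findPollutingKeys(dotted));
console.log(findPollutingKeys(nested));
console.log(findPollutingKeys(custom, '/'));
```

The delimiter passed to the guard must match the one given to unflatten, otherwise segments are split differently and a blocked name can go unnoticed.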

Fix

Prototype Pollution

Weakness Enumeration

Related Identifiers

CVE-2020-36632
GHSA-2J2X-2GPW-G8FM

Affected Products

Hughsk Flat