Affected versions of jointjs
are vulnerable to Prototype Pollution via util.setByPath
. The path used the access the object’s key and set the value is not properly sanitized, leading to a Prototype Pollution.
Update to fixed version 3.3.0 or later