npm json-ptr
json-ptr before 2.1.0 has an arbitrary code execution vulnerability. The issue occurs in the set operation when the force flag is set to true. The function recursively sets the property in the target object but does not properly check the key being set, which leads to prototype pollution.
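The missing key check described above, as an added JavaScript example that is not json-ptr's own code: a recursive force-style setter beside a variant that rejects prototype-related keys. The helper names, the blocked-key list and the sample pointer are assumptions made for illustration.

```javascript
'use strict';
// Added illustration. forceSet and forceSetChecked are hypothetical helpers,
// not json-ptr's API or source.
const BLOCKED = new Set(['__proto__', 'constructor', 'prototype']);

// Split an RFC 6901 JSON Pointer into decoded reference tokens.
function tokens(pointer) {
  if (typeof pointer !== 'string' || pointer[0] !== '/') {
    throw new SyntaxError('expected a non-empty JSON Pointer starting with "/"');
  }
  return pointer.slice(1).split('/')
    .map((t) => t.replace(/~1/g, '/').replace(/~0/g, '~'));
}

// Recursive set that creates missing parents ("force") and trusts every key.
function forceSet(node, keys, value) {
  const [key, ...rest] = keys;
  if (rest.length === 0) { node[key] = value; return; }
  if (node[key] === null || typeof node[key] !== 'object') node[key] = {};
  forceSet(node[key], rest, value);
}

// Same walk, but keys are validated first and only own properties are followed.
function forceSetChecked(node, keys, value) {
  const [key, ...rest] = keys;
  if (BLOCKED.has(key)) throw new Error(`refusing key "${key}"`);
  const own = Object.prototype.hasOwnProperty.call(node, key);
  if (rest.length === 0) { node[key] = value; return; }
  if (!own || node[key] === null || typeof node[key] !== 'object') node[key] = {};
  forceSetChecked(node[key], rest, value);
}

// Constructed sample: reports whether a fresh object sees the demo property.
function demo(setter, pointer) {
  try {
    setter({}, tokens(pointer), true);
  } catch (err) {
    return { rejected: true, polluted: false };
  }
  const polluted = ({}).polluted_demo === true;
  delete Object.prototype.polluted_demo; // undo the demo's side effect
  return { rejected: false, polluted };
}
```

Calling `demo(forceSet, '/__proto__/polluted_demo')` reports pollution, while the same pointer passed to `forceSetChecked` is rejected before any write happens.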
github.com/418sec/json-ptr/pull/3
github.com/flitbit/json-ptr/blob/master/src/util.ts#L174
github.com/flitbit/json-ptr/commit/2539e3494c80af1eef24f0f433654a61f255f011
nvd.nist.gov/vuln/detail/CVE-2020-7766
snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1038396
snyk.io/vuln/SNYK-JS-JSONPTR-1016939
www.huntr.dev/bounties/2-npm-json-ptr
www.npmjs.com/package/json-ptr