EPSS
Percentile
73.4%
just-extend is vulnerable to prototype pollution. An attacker is able to inject arbitrary properties into Object.prototype to add or modify existing properties due to a lack of object validation.
Object.prototype
github.com/angus-c/just/commit/4ba818b65d89e0bf316aa574322980b4b2bd94bf
hackerone.com/reports/430291
www.npmjs.com/advisories/780