js-data is vulnerable to pollution prototype. An attacker is able to exploit the vulnerability to inject arbitrary properties into existing construct prototypes and modify attributes such as __proto__
, constructor
and prototype
via the deepMixIn function.