0.002 Low
EPSS
Percentile
57.4%
decal is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes such as __proto__, constructor and prototype via the extend function.
__proto__
constructor
prototype
extend
github.com/gigafied/decal.js/blob/fdc046691f00021f0e65a593a11b670e265f0a00/src/utils/extend.js#L25-L81
github.com/gigafied/decal.js/blob/master/src/utils/extend.js%23L23-L56
www.npmjs.com/package/decal