keyget is vulnerable to prototype pollution. The vulnerability exists in set
and push
methods of index.js
because the validations are not handled properly which allows an attacker to inject properties into existing construct prototypes and modify attributes.