Prototype pollution in allpro form-manager 0.7.4 allows attackers to run arbitrary code and cause other impacts via the functions setDefaults, mergeBranch, and Object.setObjectValue.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| allpro | formmanager_data_handler | 0.7.4 |