This affects the package open-graph before 0.2.6. The function parse could be tricked into adding or modifying properties of Object.prototype using a __proto__ or constructor payload.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-1321,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| open-graph_project | open-graph | * |