Jeffrey Heer

1 exploit Active since Mar 2020
CVE-2019-10806 WRITEUP MEDIUM WRITEUP
vega < 1.13.1 - Prototype Pollution via vega.mergeConfig
vega-util prior to 1.13.1 allows manipulation of object prototype. The 'vega.mergeConfig' method within vega-util could be tricked into adding or modifying properties of the Object.prototype.
CVSS 4.3