CVE-2018-16491: nodejs-extend: Prototype pollution in Object.prototype

Severity: Critical

CVSS Score: 9.8

A prototype pollution vulnerability was found in node.extend <1.1.7, ~<2.0.1 that allows an attacker to inject arbitrary properties onto Object.prototype.