Severity: Critical
CVSS Score: 9.8
The package property-expr before 2.0.3 are vulnerable to Prototype Pollution via the setter function.