Severity: Critical
CVSS Score: 9.8
All versions of package config-handler are vulnerable to Prototype Pollution when loading config files.