Severity: Critical
CVSS Score: 8.6
This affects all versions of package x-assign. The global proto object can be polluted using the __proto__ object.