Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
object-path package is vulnerable to Prototype Pollution in versions before 0.11.8. The functions del(), empty(), push(), insert() are vulnerable when using the "inherited props" mode (e.g., when a new object-path instance is created with the includeInheritedProps option set to true, or when using the withInheritedProps default instance). To help prevent this type of vulnerability in the client code, the get() function will now throw an exception if an object's magic properties are accessed. The vulnerability does not exist in the default instance exposed by object path (e.g., objectPath.del()) if using a version from 0.11.0.
CWE-1321 - Prototype Pollution