2020-03-09 16:00:54
snyk
PUBLISHED
vega-util prior to 1.13.1 allows manipulation of object prototype. The vega.mergeConfig method within vega-util could be tricked into adding or modifying properties of the Object.prototype.