Possible prototype pollution in metadata record, when using meta decorator

Low
aedart published GHSA-wwxh-74fx-33c6 Apr 28, 2023

Package

@aedart/support (npm)

Affected versions

0.6.0

Patched versions

0.6.1

Description

Impact

The meta decorator from the @aedart/support package may allow prototype pollution of the MetadataRecord when it is merged with a base class' metadata object.

The likelihood is questionable, given that a class' metadata can only be set or altered when the class is decorated via meta(). Furthermore, objects of a sensitive nature would have to be stored as metadata before this can become a vulnerability.

Patches

The issue has been patched in version 0.6.1.
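
For code that merges inherited metadata records itself, the following added example (not the package's code and not the 0.6.1 patch) shows a merge that builds a fresh null-prototype record, never writes to the base record, and skips keys that reach a prototype. The names mergeMetadata and copyInto and the sample records are hypothetical and constructed for illustration.

```javascript
// Added illustration; mergeMetadata, copyInto and the records below are
// hypothetical, not code from @aedart/support.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function isPlainObject(value) {
  if (value === null || typeof value !== 'object') return false;
  const proto = Object.getPrototypeOf(value);
  return proto === Object.prototype || proto === null;
}

// Deep-copies plain objects from `source` into `target`, skipping blocked keys.
// Arrays and class instances are assigned by reference.
function copyInto(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const value = source[key];
    if (isPlainObject(value)) {
      const nested = isPlainObject(target[key]) ? target[key] : Object.create(null);
      target[key] = copyInto(nested, value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Builds a new record for the subclass; the base record is only read.
function mergeMetadata(baseRecord, ownRecord) {
  const merged = Object.create(null);
  copyInto(merged, baseRecord);
  return copyInto(merged, ownRecord);
}

// Constructed sample input. JSON.parse creates "__proto__" as an own key,
// which is how such a key typically arrives in untrusted data.
const baseRecord = { service: { name: 'base', tags: { stable: true } } };
const ownRecord = JSON.parse(
  '{"service": {"name": "child", "__proto__": {"polluted": true}},' +
  ' "__proto__": {"polluted": true}}'
);

const merged = mergeMetadata(baseRecord, ownRecord);
merged.service.tags.stable = false; // a later write on the subclass record
```

After the merge, the subclass record carries its own values, the base record is unchanged, and plain objects elsewhere in the program have gained no new properties.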

Severity

Low

CVE ID

CVE-2023-30857

Weaknesses