[@strikeentco/set] Prototype pollution in @strikeentco/set

Prototype pollution vulnerability in ‘@strikeentco/set’ version 1.0.0 allows attacker to cause a denial of service and may lead to remote code execution.

References

• https://nvd.nist.gov/vuln/detail/CVE-2020-28267
• https://github.com/strikeentco/set/commit/102cc6b2e1d1e0c928ced87e75df759d5541ff60
• https://www.whitesourcesoftware.com/vulnerability-database/CVE-2020-28267
• https://github.com/advisories/GHSA-wwg2-2crq-6grr