Node.js deep-get-set module is vulnerable to a denial of service, caused by a prototype pollution flaw in the deep function. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
Node.js deep-get-set 1.1.1
Upgrade to the latest version of deep-get-set, available from the NPM Web site.
NPM Web site