CVE-2019-10795: 
JavaScript vulnerability analysis and mitigation

CVE-2019-10795 affects the undefsafe package versions before 2.0.3. The vulnerability was discovered by JHU System Security Lab and was published on February 18, 2020. The vulnerability is related to Prototype Pollution in the package's 'a' function, which could be manipulated to add or modify properties of Object.prototype using a proto payload (Snyk Advisory).

The vulnerability is classified as a Prototype Pollution issue with a CVSS v3.1 base score of 6.3 (Medium). The vulnerability vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L, indicating network accessibility, low attack complexity, low privileges required, and no user interaction needed. The vulnerability is categorized under CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component) (NVD).

When exploited, this vulnerability could lead to Prototype Pollution, potentially allowing attackers to add or modify properties of Object.prototype. This could result in some loss of confidentiality, integrity, and availability of the affected system, though the attacker's control over these impacts is limited (Snyk Advisory).

The recommended mitigation is to upgrade the undefsafe package to version 2.0.3 or higher. A fix has been implemented to prevent changes in the prototype chain, as documented in the package's commit history (GitHub Patch).