CVE-2019-10798: 
JavaScript vulnerability analysis and mitigation

rdf-graph-array through 0.3.0-rc6 contains a Prototype Pollution vulnerability. The rdf.Graph.prototype.add method could be tricked into adding or modifying properties of Object.prototype using a prototype payload (NVD). This vulnerability was discovered and disclosed on February 21, 2020 by JHU System Security Lab (Snyk).

The vulnerability exists in the rdf.Graph.prototype.add method implementation which allows manipulation of JavaScript objects resulting in Prototype Pollution. The vulnerability has a CVSS v3.1 base score of 5.6 (Medium severity) with Network attack vector, High attack complexity, and no privileges or user interaction required (Snyk).

A successful exploitation of this vulnerability could allow an attacker to modify or add properties to Object.prototype, potentially leading to Denial of Service (DoS) conditions or other unintended behaviors in the application. The impact includes reduced performance and possible interruptions in resource availability (Snyk).

There is no fixed version available for rdf-graph-array as the package is no longer maintained. Users are advised to find alternative packages or implement proper input validation to prevent prototype pollution attacks (Snyk).