CVE-2020-36618: 
JavaScript vulnerability analysis and mitigation

A critical vulnerability was discovered in Furqan node-whois affecting an unknown function in the file index.coffee. The vulnerability, identified as CVE-2020-36618, involves improperly controlled modification of object prototype attributes (prototype pollution). The issue was discovered in December 2022 and a patch was released with commit ID 46ccc2aee8d063c7b6b4dee2c2834113b7286076 (GitHub Commit).

The vulnerability allows manipulation that leads to prototype pollution through the lookup functionality. The issue specifically occurs when handling the 'proto' property, which could allow an attacker to modify the object prototype attributes. The vulnerability was addressed by adding validation checks to prevent the usage of 'proto' in lookups (GitHub PR).

Successful exploitation of this vulnerability could allow attackers to modify object prototype attributes, potentially leading to prototype pollution attacks. This could result in the manipulation of application behavior and potentially lead to denial of service or other security implications (NVD).

The vulnerability has been patched in the repository through commit 46ccc2aee8d063c7b6b4dee2c2834113b7286076. The fix includes input validation to prevent 'proto' lookups. Users should update to the patched version of the package (GitHub Commit).