CVE-2021-44906: 
JavaScript vulnerability analysis and mitigation

Minimist version 1.2.5 and earlier contains a Prototype Pollution vulnerability in the setKey() function (lines 69-95) of index.js. The vulnerability was discovered and disclosed in December 2021 (NVD).

The vulnerability is classified as a Prototype Pollution issue (CWE-1321) that allows an attacker to modify object prototype attributes. The vulnerability has a CVSS v3.1 base score of 9.8 CRITICAL with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The vulnerability exists in the setKey() function implementation which does not properly validate input, allowing manipulation of JavaScript language construct prototypes (Snyk).

Successful exploitation of this vulnerability could lead to Prototype Pollution, allowing an attacker to add or modify properties of Object.prototype using constructor or proto payload. This could result in denial of service, remote code execution, or property injection depending on how the affected application uses the polluted objects (Snyk).

The vulnerability has been fixed in minimist version 1.2.6. Users should upgrade to version 1.2.6 or later to address this vulnerability. If upgrading is not immediately possible, consider implementing input validation or using objects without prototypes (Object.create(null)) as a workaround (Snyk).