Prototype pollution in object-path
Platform: nodejs
Component: object-path
Fixed in: 0.11.5
### Impact

A prototype pollution vulnerability has been found in `object-path` <= 0.11.4 affecting the `set()` method. The vulnerability is limited to the `includeInheritedProps` mode (if version >= 0.11.0 is used), which has to be explicitly enabled by creating a new instance of `object-path` and setting the option `includeInheritedProps: true`, or by using the default `withInheritedProps` instance. The default operating mode is not affected by the vulnerability if version >= 0.11.0 is used. Any usage of `set()` in versions < 0.11.0 is vulnerable.

### Patches

Upgrade to version >= 0.11.5.

### Workarounds

Don't use the `includeInheritedProps: true` option or the `withInheritedProps` instance if using a version >= 0.11.0.

### References

[Read more about the prototype pollution vulnerability](https://codeburst.io/what-is-prototype-pollution-49482fc4b638)

### For more information

If you have any questions or comments about this advisory:

* Open an issue in [object-path](https://github.com/mariocasciaro/object-path)
How to fix
Upgrade the object-path library to version 0.11.5 or later. If you cannot upgrade, avoid using the `includeInheritedProps: true` option or the `withInheritedProps` instance on versions 0.11.0 or later. If you are using a version earlier than 0.11.0, the only fix is to upgrade.
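To see which installed copies fall into each case the advisory describes, the following added example (not part of the advisory or of object-path) walks the `packages` map of an npm lockfile and classifies every `object-path` copy, including transitive ones. The sample lockfile is constructed, and the names `classify` and `auditLock` are hypothetical.

```javascript
// Added example: triage object-path copies in an npm lockfile (v2/v3 layout).
// The thresholds 0.11.0 and 0.11.5 come from the advisory text.

// Compare two plain "x.y.z" versions numerically; returns <0, 0 or >0.
function cmp(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// Map an installed version to the advisory's exposure classes.
function classify(version) {
  // Prerelease or malformed versions are not guessed at.
  if (!/^\d+\.\d+\.\d+$/.test(version)) return 'unknown';
  if (cmp(version, '0.11.5') >= 0) return 'fixed';
  // 0.11.0 to 0.11.4: only the includeInheritedProps mode is affected.
  if (cmp(version, '0.11.0') >= 0) return 'vulnerable-if-inherited-props';
  // Below 0.11.0: any use of set() is affected.
  return 'vulnerable';
}

// Report every object-path copy, including ones nested under other packages.
function auditLock(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Exact package name only, so "object-path-immutable" is not matched.
    if (!/(^|\/)node_modules\/object-path$/.test(path)) continue;
    const version = meta.version || '';
    findings.push({ path, version, status: classify(version) });
  }
  return findings;
}

// Constructed sample lockfile; parent package names and versions are made up.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/object-path': { version: '0.11.8' },
    'node_modules/legacy-config/node_modules/object-path': { version: '0.9.2' },
    'node_modules/form-tools/node_modules/object-path': { version: '0.11.4' },
    'node_modules/object-path-immutable': { version: '4.1.0' },
  },
};

for (const f of auditLock(sampleLock)) console.log(`${f.status}\t${f.version}\t${f.path}`);
```

A `vulnerable-if-inherited-props` result still needs a code search for `includeInheritedProps` and `withInheritedProps` in the package that depends on that copy.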