objection.js is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')