All versions of package tiny-conf are vulnerable to Prototype Pollution via the set function.