This affects all versions of package Proto. It is possible to inject pollute the object property of an application using Proto by leveraging the merge function.