All versions of package worksmith are vulnerable to Prototype Pollution via the setValue function.