Reported by security researcher Micha? Bentkowski, the bug highlights the challenges of preventing client-side prototype pollution attacks. Prototype pollution can happen both on the client side (browser) and server side (Node.js servers).