All versions of package node-oojs are vulnerable to Prototype Pollution via the setPath function.
node-oojs project node-oojs