All versions of package tiny-conf are vulnerable to Prototype Pollution via the set function.
tiny-conf project tiny-conf