The package mathjs prior to 7.5.1 are vulnerable to Prototype Pollution via the deepExtend function that runs upon configuration updates.
mathjs mathjs