Prototype pollution vulnerabilities allow an attacker to run whatever code they chose on the server with a little experimentation - effectively creating a Remote Code Execution exploit.
