Prototype pollution

Prototype Pollution will affects ember version 2.18 ?

If you mean the recent CVE which was patched then yes I would assume that Ember 2.18 is vulnerable. If upgrading is not an option (and that would be quite a jump regardless of how you go about it) I’d recommend following the advice of the post:

Apps on unsupported releases that cannot immediately upgrade should audit their usage of setProperties and set to ensure they are not allowing users to control the paths.