Description
Prototype Pollution in merge
Versions of merge before 1.2.1 are vulnerable to prototype pollution. The merge.recursive function can be tricked into adding or modifying properties of the Object prototype.
Recommendation
Update to version 1.2.1 or later.
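An added example, constructed here and not taken from the merge package or from this advisory: a naive recursive merge that exhibits the class of bug described above, beside a hardened variant that refuses prototype-related keys. The names `naiveMerge`, `safeMerge`, `demo` and the sample input are assumptions made for illustration.

```javascript
// Constructed illustration; this is NOT the merge package's source code.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

const isPlainObject = (v) =>
  v !== null && typeof v === 'object' && !Array.isArray(v);

// Naive recursive merge: follows every key, so a "__proto__" key in the
// source makes it recurse into Object.prototype and write to it.
function naiveMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (isPlainObject(source[key]) && isPlainObject(target[key])) {
      naiveMerge(target[key], source[key]);
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

// Hardened merge: skips prototype-related keys and only recurses into
// properties the target owns itself, never into inherited ones.
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const value = source[key];
    if (isPlainObject(value)) {
      const own = Object.prototype.hasOwnProperty.call(target, key);
      if (!own || !isPlainObject(target[key])) target[key] = {};
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Runs a merge function over constructed untrusted input and reports
// whether a brand-new, unrelated object picked up the injected property.
function demo(mergeFn) {
  const untrusted = JSON.parse(
    '{"a": {"b": 1}, "__proto__": {"polluted": true}}' // constructed sample
  );
  const merged = mergeFn({ a: { c: 2 } }, untrusted);
  const leaked = ({}).polluted === true;
  delete Object.prototype.polluted; // restore global state after the check
  return { merged, leaked };
}
```

The `leaked` check in `demo` can also serve as a regression test for any deep-merge helper that processes untrusted JSON.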
Packages
Name: merge (npm)
Affected versions: < 1.2.1
Fixed version: 1.2.1
Related vulnerabilities
CVSS3: 7.5
ubuntu
more than 7 years ago
The merge.recursive function in the merge package <1.2.1 can be tricked into adding or modifying properties of the Object prototype. These properties will be present on all objects allowing for a denial of service attack.
CVSS3: 7.5
nvd
more than 7 years ago
The merge.recursive function in the merge package <1.2.1 can be tricked into adding or modifying properties of the Object prototype. These properties will be present on all objects allowing for a denial of service attack.