fizker/merge
Releases7
Frequency6 months 4 weeks
Last Release
A tool for merging objects.
CVE History
| CVE | Affected | Published | CVSS v3 | CVSS v2 |
|---|---|---|---|---|
| all versions | 5.6 MEDIUM | — | ||
All versions of package @ianwalter/merge are vulnerable to Prototype Pollution via the main (merge) function. Maintainer suggests using @generates/merger instead. | ||||
| < 1.0.2 | 9.8 CRITICAL | 7.5 HIGH | ||
merge is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | ||||
| < 2.1.1 | 7.3 HIGH | 7.5 HIGH | ||
All versions of package merge are vulnerable to Prototype Pollution via _recursiveMerge . | ||||
| < 1.2.1 | 7.5 HIGH | 5 MEDIUM | ||
The merge.recursive function in the merge package <1.2.1 can be tricked into adding or modifying properties of the Object prototype. These properties will be present on all objects allowing for a denial of service attack. | ||||