@graphql-tools/merge

@graphql-tools/merge

Releases1.49K
Frequency1 day 12 hours
Last Release
A set of utils for faster development of GraphQL tools

CVE History

CVEAffectedPublishedCVSS v3CVSS v2
all versions5.6 MEDIUM

All versions of package @ianwalter/merge are vulnerable to Prototype Pollution via the main (merge) function. Maintainer suggests using @generates/merger instead.

< 1.0.29.8 CRITICAL7.5 HIGH

merge is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

< 2.1.17.3 HIGH7.5 HIGH

All versions of package merge are vulnerable to Prototype Pollution via _recursiveMerge .