merge-deep

Releases16

Frequency5 months 18 hours

Last Release over 5 years ago

Recursively merge values in a javascript object.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2021-26707 ↗	Jun 2, 2021Wednesday, 2 June 2021, 15:15	9.8 CRITICAL	7.5 HIGH
The merge-deep library before 3.0.3 for Node.js can be tricked into overwriting properties of Object.prototype or adding new properties to it. These properties are then inherited by every object in the program, thus facilitating prototype-pollution attacks against applications using this library.