Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Merge
(Merge_project)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 4 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-02-18 | CVE-2020-28499 | All versions of package merge are vulnerable to Prototype Pollution via _recursiveMerge . | Merge | 9.8 | ||
| 2021-09-10 | CVE-2021-3645 | merge is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | Merge | 9.8 | ||
| 2022-07-25 | CVE-2021-23397 | All versions of package @ianwalter/merge are vulnerable to Prototype Pollution via the main (merge) function. Maintainer suggests using @generates/merger instead. | Merge | 9.8 | ||
| 2018-10-30 | CVE-2018-16469 | The merge.recursive function in the merge package <1.2.1 can be tricked into adding or modifying properties of the Object prototype. These properties will be present on all objects allowing for a denial of service attack. | Merge | N/A |