npm package
merge
pkg:npm/merge
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-28499 | — | < 2.1.1 | 2.1.1 | Feb 18, 2021 | All versions of package merge are vulnerable to Prototype Pollution via _recursiveMerge . | ||
| CVE-2018-16469 | — | < 1.2.1 | 1.2.1 | Oct 30, 2018 | The merge.recursive function in the merge package <1.2.1 can be tricked into adding or modifying properties of the Object prototype. These properties will be present on all objects allowing for a denial of service attack. |
- CVE-2020-28499Feb 18, 2021affected < 2.1.1fixed 2.1.1
All versions of package merge are vulnerable to Prototype Pollution via _recursiveMerge .
- CVE-2018-16469Oct 30, 2018affected < 1.2.1fixed 1.2.1
The merge.recursive function in the merge package <1.2.1 can be tricked into adding or modifying properties of the Object prototype. These properties will be present on all objects allowing for a denial of service attack.