Node.js third-party modules: Prototype pollution attack (lutils-merge)
Hi team, I would like to report a prototype pollution vulnerability in lutils-merge that allows an attacker to inject properties on Object.prototype. Module module name: lutils-merge version: 0.2.6 npm page: https://www.npmjs.com/package/lutils-merge Module Description Merge javascript objects...