4 matches found
0726react (=0.1.1), 11-builder (=0.1.0) +16023 more potentially affected by CVE-2020-28499 via merge (>=1.0.0 <=2.1.0)
merge NPM version =1.0.0, =1.0.0, =0.0.1, =3.0.2, =0.1.0, =1.0.0, =0.0.1, =1.0.3, =0.1.4, =1.0.0-beta.1, =1.0.0-beta.2 - 960.css =1.0.0 and more Source cves: CVE-2020-28499 Source advisory: OSV:GHSA-7WPW-2HJM-89GP...
CVE-2020-28499
All versions of package merge are vulnerable to Prototype Pollution via recursiveMerge...
CVE-2020-28499 Prototype Pollution
All versions of package merge are vulnerable to Prototype Pollution via recursiveMerge...
CVE-2020-28499
CVE-2020-28499 affects the Node.js merge package. The vulnerability is a prototype pollution weakness in the _recursiveMerge function that exists in all versions before 2.1.1. Exploitation could allow an attacker to modify object prototypes, potentially leading to arbitrary code execution or mani...