2 matches found
@generates/cli (>=0.0.2 <=0.0.7), @generates/core (>=0.0.2 <=0.0.7) +40 more potentially affected by CVE-2021-23397 via @ianwalter/merge (>=1.0.2 <=9.0.1)
@ianwalter/merge NPM version =1.0.2, =0.0.2, =0.0.2, =0.0.40, =0.0.2, =0.0.2, =0.0.0, =0.0.1, =2.5.0, =1.0.0, =3.0.0, =2.0.0, =1.1.1, =0.0.1, =0.1.1, =1.0.0 and more Source cves: CVE-2021-23397 Source advisory: OSV:GHSA-42M6-G935-5VMQ...
CVE-2021-23397 Prototype Pollution
All versions of package @ianwalter/merge are vulnerable to Prototype Pollution via the main merge function. Maintainer suggests using @generates/merger instead...