69 matches found
@theecryptochad/merge-guard has Prototype Pollution in its deepMerge() function
Summary: @theecryptochad/merge-guard versions prior to 1.0.1 are vulnerable to Prototype Pollution via the deepMerge function. An attacker who controls the source object can inject __proto__ keys that mutate Object.prototype, affecting all objects in the Node.js runtime. Details: The deepMerge function...
EUVD-2021-2604
Malware in sbrugna...
EUVD-2021-1150
Malware in sbrugna...
EUVD-2021-1894
Malware in sbrugna...
EUVD-2021-2598
Malware in sbrugna...
EUVD-2022-6507
Malicious code in bioql PyPI...
@zag-js/core prototype pollution
A prototype pollution in the lib.deepMerge function of @zag-js/core v0.50.0 allows attackers to cause a Denial of Service (DoS) by supplying a crafted payload...
CVE-2022-24802
deepmerge-ts is a TypeScript library providing functionality for deep merging of JavaScript objects. deepmerge-ts is vulnerable to Prototype Pollution via file deepmerge.ts, function defaultMergeRecords. This issue has been patched in version 4.0.2. There are no known workarounds for this issue...
Zag security vulnerability
Zag is a framework open-sourced by Chakra. A security vulnerability exists in Zag version v0.50.0, which stems from the lib.deepMerge function containing a prototype pollution vulnerability...
StrykerJS security vulnerability
StrykerJS is a JavaScript library open-sourced by Stryker Mutator. A security vulnerability exists in StrykerJS version v8.6.0, which stems from the deepMerge function containing a prototype pollution vulnerability...
PT-2025-5759 · Unknown · @Stryker-Mutator/Util
Name of the Vulnerable Software and Affected Versions: @stryker-mutator/util version 8.6.0 Description: A prototype pollution in the deepMerge function allows attackers to cause a Denial of Service (DoS) by supplying a crafted payload. Recommendations: For @stryker-mutator/util version 8.6.0,...
Prototype Pollution
@75lb/deep-merge is vulnerable to Prototype Pollution. The vulnerability is due to improper handling of deepMerge methods in lodash to merge objects, which can allow attackers to execute arbitrary code, cause a Denial of Service (DoS)...
Prototype Pollution
@antfu/utils is vulnerable to Prototype Pollution. The vulnerability exists due to a lack of sanitization in the deepMerge function of object.js, which allows an attacker to inject and modify malicious properties such as __proto__, resulting in prototype pollution...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Node.js object-extended module code execution (ID221418)
Summary: Potential vulnerabilities in Node.js object-extended module which is caused by a prototype pollution flaw in the deepMerge function. ID221418 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability...
Prototype Pollution
ts-deepmerge is vulnerable to Prototype Pollution. The vulnerability exists because of missing sanitization of the merge parameters in 'src/index.test.ts', allowing an attacker to inject malicious characteristics to add new values to a JavaScript application object prototype, overwriting or...
GHSA-7QQQ-GH2F-WQ76 ts-deepmerge before 2.0.2 vulnerable to Prototype Pollution
The package ts-deepmerge before version 2.0.2 is vulnerable to Prototype Pollution due to missing sanitization of the merge function...
@alloyify/anvil (>=1.1.2 <=1.1.4), @alloyify/devkit (>=1.1.2 <=1.1.4) +68 more potentially affected by CVE-2022-25907 via ts-deepmerge (>=1.0.5 <=2.0.1)
ts-deepmerge NPM version =1.0.5, =1.1.2, =1.1.2, =1.1.2, =1.1.2, =0.0.2, =0.2.0, =0.1.1, =2.4.6-alpha.3, =1.1.0, =0.1.0, =0.12.2, =0.0.1, =1.0.0-beta.1, =1.0.6 and more Source cves: CVE-2022-25907 Source advisory: OSV:GHSA-7QQQ-GH2F-WQ76...
ts-deepmerge before 2.0.2 vulnerable to Prototype Pollution
The package ts-deepmerge before version 2.0.2 is vulnerable to Prototype Pollution due to missing sanitization of the merge function...
CVE-2022-25907
The package ts-deepmerge before 2.0.2 is vulnerable to Prototype Pollution due to missing sanitization of the merge function...