Prototype Pollution

extend-merge is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes such as proto, constructor and prototype through the merge function...

Node.js third-party modules: [extend-merge] Prototype pollution

I would like to report a prototype pollution vulnerability in extend-merge module. It allows an attacker to inject properties on Object.prototype. Module module name: extend-merge version: 1.0.5 npm page: https://www.npmjs.com/package/extend-merge Module Description Shallow extend and deep merge...