10 matches found
GHSA-42M6-G935-5VMQ @ianwalter/merge Prototype Pollution via `merge` function
All versions of package @ianwalter/merge are vulnerable to Prototype Pollution via the main merge function. @ianwalter/merge is deprecated and the maintainer suggests using @generates/merger instead...
@ianwalter/merge Prototype Pollution via `merge` function
All versions of package @ianwalter/merge are vulnerable to Prototype Pollution via the main merge function. @ianwalter/merge is deprecated and the maintainer suggests using @generates/merger instead...
CVE-2021-23397
All versions of package @ianwalter/merge are vulnerable to Prototype Pollution via the main merge function. Maintainer suggests using @generates/merger instead...
CVE-2021-23397
All versions of package @ianwalter/merge are vulnerable to Prototype Pollution via the main merge function. Maintainer suggests using @generates/merger instead...
Information disclosure
All versions of package @ianwalter/merge are vulnerable to Prototype Pollution via the main merge function. Maintainer suggests using @generates/merger instead...
CVE-2021-23397
CVE-2021-23397 affects all versions of @ianwalter/merge and enables Prototype Pollution via the main merge function. Root cause: unsafe recursive merge can copy a `__proto__` property from a polluted source, enabling prototype contamination and potential remote code execution or DoS, as described in co...
CVE-2021-23397 Prototype Pollution
All versions of package @ianwalter/merge are vulnerable to Prototype Pollution via the main merge function. Maintainer suggests using @generates/merger instead...
CVE-2021-23397
All versions of package @ianwalter/merge are vulnerable to Prototype Pollution via the main merge function. Maintainer suggests using @generates/merger instead...
PT-2022-9397 · Npm · @Ianwalter/Merge +1
Name of the Vulnerable Software and Affected Versions: @ianwalter/merge versions all Description: The issue concerns Prototype Pollution via the main merge function. The maintainer suggests using @generates/merger instead, as @ianwalter/merge is deprecated. Recommendations: For all versions,...
Prototype Pollution in generates/generates
Description: @generates/merger is vulnerable to Prototype Pollution. This package allows for modification of prototype behavior, which may result in Information Disclosure/DoS/RCE. Proof of Concept: 1. Create the following PoC file: js // poc.js var merger = require("@generates/merger") const paylo...