11 matches found
Prototype Pollution
ianwalter/merge is vulnerable to prototype pollution. The vulnerability exist in the merge function in merge.js which allows remote attackers to inject malicious payloads...
@generates/cli (>=0.0.2 <=0.0.7), @generates/core (>=0.0.2 <=0.0.7) +40 more potentially affected by CVE-2021-23397 via @ianwalter/merge (>=1.0.2 <=9.0.1)
@ianwalter/merge NPM version =1.0.2, =0.0.2, =0.0.2, =0.0.40, =0.0.2, =0.0.2, =0.0.0, =0.0.1, =2.5.0, =1.0.0, =3.0.0, =2.0.0, =1.1.1, =0.0.1, =0.1.1, =1.0.0 and more Source cves: CVE-2021-23397 Source advisory: OSV:GHSA-42M6-G935-5VMQ...
GHSA-42M6-G935-5VMQ @ianwalter/merge Prototype Pollution via `merge` function
All versions of package @ianwalter/merge are vulnerable to Prototype Pollution via the main merge function. @ianwalter/merge is deprecated and the maintainer suggests using @generates/merger instead...
CVE-2021-23397
All versions of package @ianwalter/merge are vulnerable to Prototype Pollution via the main merge function. Maintainer suggests using @generates/merger instead...
CVE-2021-23397
All versions of package @ianwalter/merge are vulnerable to Prototype Pollution via the main merge function. Maintainer suggests using @generates/merger instead...
Information disclosure
All versions of package @ianwalter/merge are vulnerable to Prototype Pollution via the main merge function. Maintainer suggests using @generates/merger instead...
CVE-2021-23397 Prototype Pollution
All versions of package @ianwalter/merge are vulnerable to Prototype Pollution via the main merge function. Maintainer suggests using @generates/merger instead...
CVE-2021-23397
CVE-2021-23397 affects all versions of @ianwalter/merge and enables Prototype Pollution via the main merge function. Root cause: unsafe recursive merge can copy a proto property from a polluted source, enabling prototype contamination and potential remote code execution or DoS, as described in co...
CVE-2021-23397
All versions of package @ianwalter/merge are vulnerable to Prototype Pollution via the main merge function. Maintainer suggests using @generates/merger instead...
merge 安全漏洞
merge is a tool for recursively merging JavaScript objects. A security vulnerability exists in @ianwalter/merge, which stems from the package's susceptibility to prototype contamination via the main merge function...
@generates/cli (>=0.0.2 <=0.0.7), @generates/core (>=0.0.2 <=0.0.7) +40 more potentially affected by CVE-2021-23397 via @ianwalter/merge (>=1.0.2 <=9.0.1)
@ianwalter/merge NPM version =1.0.2, =0.0.2, =0.0.2, =0.0.40, =0.0.2, =0.0.2, =0.0.0, =0.0.1, =2.5.0, =1.0.0, =3.0.0, =2.0.0, =1.1.1, =0.0.1, =0.1.1, =1.0.0 and more Source cves: CVE-2021-23397 Source advisory: SNYK:JS-IANWALTERMERGE-1311022...