GHSA-F7QW-5PVG-MMWP Prototype Pollution in lutils-merge

All versions of lutils-merge are vulnerable to Prototype Pollution. The merge function fails to prevent user input to alter an Object's prototype, allowing attackers to modify override properties of all objects in the application. This may lead to Denial of Service or may be chained with other...

anjiayi-elf (>=1.0.0 <=1.0.9), anjiayi-exp (>=1.0.0 <=1.2.6) +5 more potentially affected by unknown CVE via lutils-merge (>=0.1.4 <=0.2.6)

lutils-merge NPM version =0.1.4, =1.0.0, =1.0.0, =1.0.0, =0.0.1-alpha, =0.1.0, =0.2.1 Source cves: unknown CVE Source advisory: OSV:GHSA-F7QW-5PVG-MMWP...

Prototype Pollution in lutils-merge

All versions of lutils-merge are vulnerable to Prototype Pollution. The merge function fails to prevent user input to alter an Object's prototype, allowing attackers to modify override properties of all objects in the application. This may lead to Denial of Service or may be chained with other...

Prototype Pollution

Overview All versions of lutils-merge are vulnerable to Prototype Pollution. The merge function fails to prevent user input to alter an Object's prototype, allowing attackers to modify override properties of all objects in the application. This may lead to Denial of Service or may be chained with...

Prototype Pollution

lutils-merge is vulnerable to prototype pollution. A lack of validation allows an attacker to inject arbitrary prototype objects to execute arbitrary code or cause a denial of service...

Node.js third-party modules: Prototype pollution attack (lutils-merge)

Hi team, I would like to report a prototype pollution vulnerability in lutils-merge that allows an attacker to inject properties on Object.prototype. Module module name: lutils-merge version: 0.2.6 npm page: https://www.npmjs.com/package/lutils-merge Module Description Merge javascript objects...