2 matches found
GHSA-MHWJ-73QX-JQXM @theecryptochad/merge-guard has Prototype Pollution in its deepMerge() function
Summary @theecryptochad/merge-guard versions prior to 1.0.1 are vulnerable to Prototype Pollution via the deepMerge function. An attacker who controls the source object can inject proto keys that mutate Object.prototype, affecting all objects in the Node.js runtime. Details The deepMerge function...
@theecryptochad/merge-guard has Prototype Pollution in its deepMerge() function
Summary @theecryptochad/merge-guard versions prior to 1.0.1 are vulnerable to Prototype Pollution via the deepMerge function. An attacker who controls the source object can inject proto keys that mutate Object.prototype, affecting all objects in the Node.js runtime. Details The deepMerge function...