5 matches found
[SECURITY] Fedora 40 Update: sequence-library-1.0.3-18.fc40
A textual diff and merge library...
GHSA-7WPW-2HJM-89GP Prototype Pollution in merge
All versions of package merge 2.1.1 are vulnerable to Prototype Pollution via recursiveMerge...
Prototype Pollution
Overview: merge is a library that allows you to merge multiple objects into one, optionally creating a new cloned object. Similar to the jQuery.extend but more flexible. Works in Node.js and the browser. Affected versions of this package are vulnerable to Prototype Pollution via recursiveMerge...
GHSA-F9CM-QMX5-M98H Prototype Pollution in merge
Versions of merge before 1.2.1 are vulnerable to prototype pollution. The merge.recursive function can be tricked into adding or modifying properties of the Object prototype. Recommendation: Update to version 1.2.1 or later...
UBUNTU-CVE-2018-16469
The merge.recursive function in the merge package 1.2.1 can be tricked into adding or modifying properties of the Object prototype. These properties will be present on all objects allowing for a denial of service attack...