6 matches found
CVE-2026-34221
MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to versions 6.6.10 and 7.0.6, a prototype pollution vulnerability exists in the Utils.merge helper used internally by MikroORM when merging object structures. The function did not prevent...
CVE-2026-34221
CVE-2026-34221 affects MikroORM (TypeScript ORM for Node.js). The vulnerability is in the internal Utils.merge helper, which can be triggered during object structure merges and allows prototype pollution by passing keys like proto , constructor , or prototype . Affected versions are prior to 6.6....
CVE-2026-34221
MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to versions 6.6.10 and 7.0.6, a prototype pollution vulnerability exists in the Utils.merge helper used internally by MikroORM when merging object structures. The function did not prevent...
CVE-2026-34221 MikroORM has Prototype Pollution in Utils.merge
MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to versions 6.6.10 and 7.0.6, a prototype pollution vulnerability exists in the Utils.merge helper used internally by MikroORM when merging object structures. The function did not prevent...
CVE-2026-34221 MikroORM has Prototype Pollution in Utils.merge
MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to versions 6.6.10 and 7.0.6, a prototype pollution vulnerability exists in the Utils.merge helper used internally by MikroORM when merging object structures. The function did not prevent...
GHSA-QPFV-44F3-QQX6 MikroORM has Prototype Pollution in Utils.merge
A prototype pollution vulnerability exists in the Utils.merge helper used internally by MikroORM when merging object structures. The function did not prevent special keys such as proto, constructor, or prototype, allowing attacker-controlled input to modify the JavaScript object prototype when...