4 matches found
GHSA-F9CV-665R-275H Prototype Pollution in merge-change
All current versions of package merge-change are vulnerable to Prototype Pollution via the utils.set function...
total.js 代码注入漏洞
total.js is open source a framework developed using JavaScript for the Node.js platform. It can be used to develop web, desktop, service and IoT platforms. Total.js suffers from a code injection vulnerability that stems from a call to the utils.set function with a user-controlled value in the...
CVE-2021-23421
All versions of package merge-change are vulnerable to Prototype Pollution via the utils.set function...
Prototype Pollution
Overview merge-change is a Deep merge of objects and other types, also for patches and immutable updates. Affected versions of this package are vulnerable to Prototype Pollution via the utils.set function. Details Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution...