Axios 注入漏洞

Axios is an open-source HTTP client developed by Axios. Versions of Axios from 1.15.2 to 1.16.0 had a injection vulnerability. This vulnerability stemmed from the lack of hasOwnProperty checks on nested objects created by the utils.merge function. This could lead to prototype pollution and...

CVE-2026-34221

MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to versions 6.6.10 and 7.0.6, a prototype pollution vulnerability exists in the Utils.merge helper used internally by MikroORM when merging object structures. The function did not prevent...

CVE-2026-34221 MikroORM has Prototype Pollution in Utils.merge

MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to versions 6.6.10 and 7.0.6, a prototype pollution vulnerability exists in the Utils.merge helper used internally by MikroORM when merging object structures. The function did not prevent...

MikroORM 安全漏洞

MikroORM is an open-source framework from MikroORM that supports type-safe object-relational mapping for multiple databases. Versions of MikroORM prior to 6.6.10 and 7.0.6 contained security vulnerabilities. These vulnerabilities stemmed from theUtils.merge helper function not preventing special...