Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Merge Project Security Vulnerabilities

cve
cve

CVE-2018-16469

The merge.recursive function in the merge package <1.2.1 can be tricked into adding or modifying properties of the Object prototype. These properties will be present on all objects allowing for a denial of service attack.

7.5CVSS

7.3AI Score

0.001EPSS

2018-10-30 09:29 PM
40
cve
cve

CVE-2020-28499

All versions of package merge are vulnerable to Prototype Pollution via _recursiveMerge .

9.8CVSS

9.3AI Score

0.004EPSS

2021-02-18 04:15 PM
42
cve
cve

CVE-2021-23397

All versions of package @ianwalter/merge are vulnerable to Prototype Pollution via the main (merge) function. Maintainer suggests using @generates/merger instead.

9.8CVSS

9.4AI Score

0.003EPSS

2022-07-25 02:15 PM
88
6
cve
cve

CVE-2021-3645

merge is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

9.8CVSS

9.3AI Score

0.004EPSS

2021-09-10 11:15 AM
33