CVE-2021-23426
Proto is vulnerable to prototype pollution via the merge function across all versions. The root cause is an unsafe recursive merge (and related path-based pollution) that can inject properties into Object.prototype (proto , constructor, prototype). Potential impact includes DoS and possible remot...