0.003 Low
EPSS
Percentile
68.8%
merge-deep2 is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes via merge function.
merge
github.com/jonschlinkert/merge-deep/commit/2c33634da7129a5aefcc262d2fec2e72224404e5