ianwalter/merge is vulnerable to prototype pollution. The vulnerability exist in the merge
function in merge.js
which allows remote attackers to inject malicious payloads.
CPE | Name | Operator | Version |
---|---|---|---|
@ianwalter/merge | le | 9.0.1 | |
@ianwalter/merge | le | 9.0.1 |