@antfu/utils is vulnerable to Prototype Pollution. The vulnerability exists due lack of sanization in the deepMerge
function of object.js
which allows an attacker to inject and modify malicious properties such as __proto__
, resulting in prototype pollution.
CPE | Name | Operator | Version |
---|---|---|---|
@antfu/utils | le | 0.7.2 | |
@antfu/utils | le | 0.7.2 |