CVE-2020-28268
npm/controlled-merge
Improper Input Validation
A prototype pollution vulnerability in controlled-merge may allow an attacker to cause a denial of service, or possibly lead to remote code execution.
All versions starting from 1.0.0 up to 1.2.0
Upgrade to version 1.3.0 or above.
2020-11-26
source |