CVE-2020-28268

Improper Input Validation in npm/controlled-merge

Identifiers

CVE-2020-28268

Package Slug

npm/controlled-merge

Vulnerability

Improper Input Validation

Description

A prototype pollution vulnerability in controlled-merge may allow an attacker to cause a denial of service, or possibly lead to remote code execution.

Affected Versions

All versions starting from 1.0.0 up to 1.2.0

Solution

Upgrade to version 1.3.0 or above.

Last Modified

2020-11-26

source