CVE-2020-28499
npm/merge
Prototype Pollution
All versions of package merge are vulnerable to Prototype Pollution via _recursiveMerge.
_recursiveMerge
All versions before 2.1.1
Upgrade to version 2.1.1 or above.
2021-02-26