CVE-2020-28499
Prototype Pollution in npm/merge
Identifiers
CVE-2020-28499
Package Slug
npm/merge
Vulnerability
Prototype Pollution
Description
All versions of package merge are vulnerable to Prototype Pollution via _recursiveMerge.
Affected Versions
All versions before 2.1.1
Solution
Upgrade to version 2.1.1 or above.
Last Modified
2021-02-26
| source |