CVE-2021-23397

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in npm/merge

Identifiers

CVE-2021-23397

Package Slug

npm/merge

Vulnerability

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Description

All versions of package @ianwalter/merge is vulnerable to Prototype Pollution via the main (merge) function. Maintainer suggests using @generates/merger instead.

Affected Versions

All versions

Solution

Unfortunately, there is no solution available yet.

Last Modified

2022-08-02

source