CVE-2021-3645
npm/merge
Improperly Controlled Modification of Dynamically-Determined Object Attributes
merge is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
All versions before 1.0.2
Upgrade to version 1.1.0 or above.
2021-09-24
source |