CVE-2021-25953

Prototype Pollution in npm/putil-merge

Identifiers

CVE-2021-25953

Package Slug

npm/putil-merge

Vulnerability

Prototype Pollution

Description

Prototype pollution vulnerability in 'putil-merge' allows attacker to cause a denial of service and may lead to remote code execution.

Affected Versions

All versions starting from 1.0.0 up to 3.6.6

Solution

Upgrade to version 3.7.0 or above.

Last Modified

2021-07-16

source