Improper Input Validation
A prototype pollution vulnerability in controlled-merge may allow an attacker to cause a denial of service, or possibly lead to remote code execution.
Advisories for Npm/Controlled-Merge package
2020
A prototype pollution vulnerability in controlled-merge may allow an attacker to cause a denial of service, or possibly lead to remote code execution.