Improperly Controlled Modification of Dynamically-Determined Object Attributes
All versions of package merge-change is vulnerable to Prototype Pollution via the utils.set function.
Advisories for Npm/Merge-Change package
2021
All versions of package merge-change is vulnerable to Prototype Pollution via the utils.set function.