CVE-2018-16469: Improper Input Validation
(updated )
The merge.recursive
function in the merge package can be tricked into adding or modifying properties of the Object prototype. These properties will be present on all objects allowing for a denial of service attack.
References
Detect and mitigate CVE-2018-16469 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →