RSS   Vulnerabilities for 'Merge'   RSS

2021-02-18
 
CVE-2020-28499

NVD-CWE-noinfo
 
 
All versions of package merge are vulnerable to Prototype Pollution via _recursiveMerge .

 
2018-10-30
 
CVE-2018-16469

CWE-20
 
 
The merge.recursive function in the merge package <1.2.1 can be tricked into adding or modifying properties of the Object prototype. These properties will be present on all objects allowing for a denial of service attack.

 

Copyright 2024, cxsecurity.com

 

Back to Top