All versions of package lutils are vulnerable to Prototype Pollution via the main (merge) function.