0.001 Low
EPSS
Percentile
45.1%
Versions of merge before 1.2.1 are vulnerable to prototype pollution. The merge.recursive function can be tricked into adding or modifying properties of the Object prototype.
merge
merge.recursive
Update to version 1.2.1 or later.
github.com/advisories/GHSA-f9cm-qmx5-m98h
hackerone.com/reports/381194
nvd.nist.gov/vuln/detail/CVE-2018-16469
www.npmjs.com/advisories/722