Prototype Pollution in deepmergefn

2021-08-1016:09:25

Google

osv.dev

0.005 Low

EPSS

Percentile

76.3%

All versions of package deepmergefn are vulnerable to Prototype Pollution via deepMerge function.

CPENameOperatorVersion
deepmergefnle1.1.0

CPE	Name	Operator	Version
	deepmergefn	le	1.1.0

References

github.com/jesusgm/deepmergefn

github.com/jesusgm/deepmergefn/blob/master/index.js#23L6

nvd.nist.gov/vuln/detail/CVE-2021-23417

snyk.io/vuln/SNYK-JS-DEEPMERGEFN-1310984

0.005 Low

EPSS

Percentile

76.3%

Related for OSV:GHSA-VJ72-MWRJ-M2XQ