putil-merge is vulnerable to prototype pollution. The vulnerability exists due to the validations are not handled properly in the merge
method in merge.js
file which allows an attacker to inject properties into existing construct prototypes and modify attributes.