Severity: high

    Prototype Pollution

    merge

    Overview

    Versions of merge before 2.1.1 are vulnerable to Prototype Pollution via _recursiveMerge .

    Remediation

    Upgrade to version 2.1.1 or later

    Resources

    Have content suggestions? Visit npmjs.com/support.

    Advisory timeline

    1. published

      Advisory Published
      May 4th, 2021
    2. reported

      Reported by Anonymous
      May 4th, 2021