Vulnerabilities > CVE-2021-23397 - Unspecified vulnerability in Merge Project Merge

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

merge-project

critical

NVD

Published: 2022-07-25

Updated: 2024-11-21

Summary

All versions of package @ianwalter/merge are vulnerable to Prototype Pollution via the main (merge) function. Maintainer suggests using @generates/merger instead.

Vulnerable Configurations

Part	Description	Count
Application	Merge_Project Merge Project Merge *	1

References

https://security.snyk.io/vuln/SNYK-JS-IANWALTERMERGE-1311022
https://security.snyk.io/vuln/SNYK-JS-IANWALTERMERGE-1311022