Vulnerabilities > CVE-2021-23421 - Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Merge-Change Project Merge-Change
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
All versions of package merge-change are vulnerable to Prototype Pollution via the utils.set function.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |