Vulnerabilities > CVE-2021-23421 - Unspecified vulnerability in Merge-Change Project Merge-Change
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
All versions of package merge-change are vulnerable to Prototype Pollution via the utils.set function.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
References
- https://github.com/VladimirShestakov/merge-change/blob/9901f145e06158f284f52de42e6ba5b0f702fb65/utils.js%23L89-L123
- https://github.com/VladimirShestakov/merge-change/blob/9901f145e06158f284f52de42e6ba5b0f702fb65/utils.js%23L89-L123
- https://snyk.io/vuln/SNYK-JS-MERGECHANGE-1310985
- https://snyk.io/vuln/SNYK-JS-MERGECHANGE-1310985