Vulnerabilities > Merge Deep Project > Merge Deep > 0.1.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-02 | CVE-2021-26707 | The merge-deep library before 3.0.3 for Node.js can be tricked into overwriting properties of Object.prototype or adding new properties to it. | 9.8 |
| 2018-06-07 | CVE-2018-3722 | Unspecified vulnerability in Merge-Deep Project Merge-Deep merge-deep node module before 3.0.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects. | 6.5 |