Vulnerabilities > Merge Project

DATE CVE VULNERABILITY TITLE RISK
2021-09-10 CVE-2021-3645 Unspecified vulnerability in Merge Project Merge 1.0.0
merge is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
network
low complexity
merge-project
7.5
2021-02-18 CVE-2020-28499 Unspecified vulnerability in Merge Project Merge
All versions of package merge are vulnerable to Prototype Pollution via _recursiveMerge .
network
low complexity
merge-project
7.5
2018-10-30 CVE-2018-16469 Improper Input Validation vulnerability in Merge Project Merge
The merge.recursive function in the merge package <1.2.1 can be tricked into adding or modifying properties of the Object prototype.
network
low complexity
merge-project CWE-20
5.0