Vulnerabilities > Merge Project > Merge > 1.1.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-18 | CVE-2020-28499 | Unspecified vulnerability in Merge Project Merge All versions of package merge are vulnerable to Prototype Pollution via _recursiveMerge . | 9.8 |
| 2018-10-30 | CVE-2018-16469 | Improper Input Validation vulnerability in Merge Project Merge The merge.recursive function in the merge package <1.2.1 can be tricked into adding or modifying properties of the Object prototype. | 7.5 |