Prototype Pollution
CVE-2021-23397

5.6MEDIUM

Key Information:

Vendor: Merge Project
Status: @ianwalter/merge
Vendor: CVE Published:; 25 July 2022

🔔 Create Merge Project Vulnerability Alert

What is CVE-2021-23397?

All versions of package @ianwalter/merge are vulnerable to Prototype Pollution via the main (merge) function. Maintainer suggests using @generates/merger instead.

Affected Version(s)

@ianwalter/merge 0

References

https://security.snyk.io/vuln/SNYK-JS-IANWALTERMERGE-1311022

x_refsource_MISC

CVSS V3.1

Score:

5.6

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 25, 2022
Vulnerability Reserved
Jan 8, 2021

Credit

Dung Le

CVE-2021-23397 Data

JSON