Description
All versions of package @ianwalter/merge are vulnerable to Prototype Pollution via the main (merge) function. Maintainer suggests using @generates/merger instead.
Remediation
References
https://security.snyk.io/vuln/SNYK-JS-IANWALTERMERGE-1311022
Related Vulnerabilities
CVE-2022-4725 Vulnerability in maven package com.amazonaws:aws-android-sdk-core
CVE-2022-43424 Vulnerability in maven package com.compuware.jenkins:compuware-xpediter-code-coverage
CVE-2023-26480 Vulnerability in maven package org.xwiki.platform:xwiki-platform-livedata-webjar
CVE-2023-27095 Vulnerability in maven package cn.hippo4j:hippo4j-core
CVE-2021-21363 Vulnerability in maven package io.swagger:swagger-generator