Description
All versions of package merge-change are vulnerable to Prototype Pollution via the utils.set function.
Remediation
References
https://github.com/VladimirShestakov/merge-change/blob/9901f145e06158f284f52de42e6ba5b0f702fb65/utils.js%23L89-L123
https://snyk.io/vuln/SNYK-JS-MERGECHANGE-1310985
Related Vulnerabilities
CVE-2022-29166 Vulnerability in npm package matrix-org-irc
CVE-2022-25760 Vulnerability in npm package accesslog
CVE-2023-29199 Vulnerability in npm package vm2
CVE-2022-25883 Vulnerability in maven package org.webjars.npm:semver
CVE-2021-27578 Vulnerability in maven package org.apache.zeppelin:zeppelin