Description
All versions of package merge-deep2 are vulnerable to Prototype Pollution via the mergeDeep() function.
Remediation
References
https://snyk.io/vuln/SNYK-JS-MERGEDEEP2-1727593
Related Vulnerabilities
CVE-2023-3691 Vulnerability in maven package org.webjars.bowergithub.layui:layui
CVE-2023-34840 Vulnerability in npm package angular-ui-notification
CVE-2022-24289 Vulnerability in maven package org.apache.cayenne:cayenne-server
CVE-2023-34455 Vulnerability in maven package org.xerial.snappy:snappy-java
CVE-2021-41183 Vulnerability in maven package org.webjars:jquery-ui