MidnightBSD

Advisories for merge-deep_project

CVE-2018-3722 MEDIUM

merge-deep node module before 3.0.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-471,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
merge-deep_project merge-deep *
CVE-2021-26707 HIGH

The merge-deep library before 3.0.3 for Node.js can be tricked into overwriting properties of Object.prototype or adding new properties to it. These properties are then inherited by every object in the program, thus facilitating prototype-pollution attacks against applications using this library.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-1321,

Products Affected

Vendor Product Version
netapp e-series_performance_analyzer -
merge-deep_project merge-deep *