Pierre Villard

**Name of the Vulnerable Software and Affected Versions** AngularJS versions prior to 1.7.9 **Description** The issue concerns the `merge()` function, which can be tricked into adding or modifying properties of `Object.prototype` using a ` proto ` payload. This may allow an attacker to add or modify an existing property that will exist on all objects. The problem arises because the deprecated API function `merge()` does not restrict the modification of an Object's prototype. **Recommendations** For versions prior to 1.7.9, upgrade to version 1.7.9 or later.