Name of the Vulnerable Software and Affected Versions lutils-merge versions (all)

Description The issue concerns Prototype Pollution, where the merge() function fails to prevent user input from altering an Object's prototype. This allows attackers to modify or override properties of all objects in the application, potentially leading to Denial of Service or, when combined with other vulnerabilities, Remote Code Execution.

Recommendations For all versions, consider using an alternative package, as the current package is deprecated and no fixes are available.