Aras Abbasi

**Name of the Vulnerable Software and Affected Versions** ts-deepmerge versions prior to 2.0.2 **Description** The issue is related to Prototype Pollution due to missing sanitization of the `merge` function. This allows for potential manipulation of the prototype, leading to various security issues. **Recommendations** For versions prior to 2.0.2, update to version 2.0.2 or later to resolve the issue. As a temporary workaround, consider disabling the `merge` function until a patch is available. Restrict access to the merge functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** dicer versions all **Description** The issue is related to the dicer package, where a malicious attacker can send a modified form to the server, causing the Node.js service to crash. By sending the payload repeatedly, an attacker can achieve a continuous denial of service. The vulnerability is associated with incorrect resource cleanup or deallocation in the dicer parser. **Recommendations** As a temporary workaround, consider disabling the vulnerable dicer package until a patch is available. Restrict access to the dicer package to minimize the risk of exploitation. Avoid using the dicer package in production environments until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.