Name of the Vulnerable Software and Affected Versions upmerge versions (affected versions not specified)

Description The issue concerns a Prototype Pollution problem. The merge() function fails to prevent user input from altering an Object's prototype, allowing attackers to modify or override properties of all objects in the application. This could lead to Denial of Service or potentially be chained with other issues to achieve Remote Code Execution.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. Consider using an alternative module until a fix is made available. As a temporary workaround, consider disabling the merge() function until a patch is available.