PT-2021-15545 · Unknown · Merge-Deep2

Yeting Li

·

Published

2021-12-10

·

Updated

2021-12-16

·

CVE-2021-23700

CVSS v2.0

7.5

High

VectorAV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions merge-deep2 versions all
Description The issue concerns Prototype Pollution via the mergeDeep() function. This affects all versions of the merge-deep2 package.
Recommendations For all versions, consider disabling the mergeDeep() function as a temporary workaround until a patch is available.

Exploit

Fix

Prototype Pollution

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-1321

Related Identifiers

CVE-2021-23700
GHSA-J28Q-P8WW-CP87

Affected Products

Merge-Deep2