Vulnerability	Vulnerable Version
H Prototype Pollution putil-merge is a Lightweight solution for merging multiple objects into one. Also it supports deep merge. Affected versions of this package are vulnerable to Prototype Pollution. The `merge()` function does not check the values passed into the argument. An attacker can supply a malicious value by adjusting the value to include the `constructor` property. Note: This vulnerability derives from an incomplete fix in https://security.snyk.io/vuln/SNYK-JS-PUTILMERGE-1317077 How to fix Prototype Pollution? Upgrade `putil-merge` to version 3.8.0 or higher.	<3.8.0
H Prototype Pollution putil-merge is a Lightweight solution for merging multiple objects into one. Also it supports deep merge. Affected versions of this package are vulnerable to Prototype Pollution. The `merge()` function does not check the values passed into the argument. An attacker can supply a malicious value by adjusting the value to include the `__proto__` property. How to fix Prototype Pollution? Upgrade `putil-merge` to version 3.7.0 or higher.	<3.7.0

Prototype Pollution

putil-merge is a Lightweight solution for merging multiple objects into one. Also it supports deep merge.

Affected versions of this package are vulnerable to Prototype Pollution. The merge() function does not check the values passed into the argument. An attacker can supply a malicious value by adjusting the value to include the constructor property.

Note: This vulnerability derives from an incomplete fix in https://security.snyk.io/vuln/SNYK-JS-PUTILMERGE-1317077

How to fix Prototype Pollution?

Upgrade putil-merge to version 3.8.0 or higher.

<3.8.0

Prototype Pollution

putil-merge is a Lightweight solution for merging multiple objects into one. Also it supports deep merge.

How to fix Prototype Pollution?

Upgrade putil-merge to version 3.7.0 or higher.

<3.7.0

Go back to all versions of this package