📦

merge

Vendor: merge_project

Actively Exploited 0 CISA KEV List

PoC / Exploits 0 Code Available

Total RCEs 0 Remote Access

Total CVEs 4 Total Indexed

Avg. EPSS 1.01% Exploit Prob.

Latest CVE CVE-2021-23397 Jul 25

Security Vulnerability Index

Page 1 / 1

5.6 CVSS

CVE-2021-23397

All versions of package @ianwalter/merge are vulnerable to Prototype Pollution via the main (merge) function. Maintainer suggests using @generates/merger instead.

EPSS: 0.39%

Severity: MEDIUM

Jul 25, 2022

9.8 CVSS

CVE-2021-3645

merge is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

EPSS: 0.45%

Severity: CRITICAL

Sep 10, 2021

7.3 CVSS

CVE-2020-28499

All versions of package merge are vulnerable to Prototype Pollution via _recursiveMerge .

EPSS: 0.54%

Severity: HIGH

Feb 18, 2021

7.5 CVSS

CVE-2018-16469

The merge.recursive function in the merge package <1.2.1 can be tricked into adding or modifying properties of the Object prototype. These properties will be present on all objects allowing for a denial of service attack.

EPSS: 0.41%

Severity: HIGH

Oct 30, 2018

7.1 CVSS

CVE-2012-2980

The Samsung and HTC onTouchEvent method implementation for Android on the T-Mobile myTouch 3G Slide, HTC Merge, Sprint EVO Shift 4G, HTC ChaCha, AT&T Status, HTC Desire Z, T-Mobile G2, T-Mobile myTouch 4G Slide, and Samsung Galaxy S stores touch coordinates in the dmesg buffer, which allows remote attackers to obtain sensitive information via a crafted application, as demonstrated by PIN numbers, telephone numbers, and text messages.

EPSS: 3.25%

Severity: HIGH

Aug 21, 2012

Displaying 5 of 4 Total Entries

Total 1 Sections