CVE-2021-23421
MEDIUMmerge-change - Prototype Pollution via utils.set Function
Title source: llmDescription
All versions of package merge-change are vulnerable to Prototype Pollution via the utils.set function.
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://snyk.io/vuln/SNYK-JS-MERGECHANGE-1310985
Broken Link x_refsource_misc
https://github.com/VladimirShestakov/merge-change/blob/9901f145e06158f284f52de42e6ba5b0f702fb65/utils.js%23L89-L123
Scores
CVSS v3
5.6
EPSS
0.0108
EPSS Percentile
60.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-1321
Status
published
Products (2)
merge-change_project/merge-change
npm/merge-change
0npm
Published
Aug 11, 2021
Tracked Since
Feb 18, 2026