This affects the package doc-path before 2.1.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Information Disclosure
Doc Path
NVD
GitHub
CVSS 3.1
9.8
EPSS
2.7%
Prototype pollution vulnerability in 'controlled-merge' versions 1.0.0 through 1.2.0 allows attacker to cause a denial of service and may lead to remote code execution. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
RCE
Prototype Pollution
Denial Of Service
Controlled Merge
NVD
GitHub
CVSS 3.1
7.5
EPSS
3.4%