Prototype pollution vulnerability in 'controlled-merge' versions 1.0.0 through 1.2.0 allows attacker to cause a denial of service and may lead to remote code execution. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
RCE
Prototype Pollution
Denial Of Service
Controlled Merge
NVD
GitHub
CVSS 3.1
7.5
EPSS
3.4%