Skip to main content

Merge

3 CVEs product

Monthly

CVE-2021-3645 npm CRITICAL POC PATCH Act Now

merge is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution'). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Merge
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2018-16469 npm HIGH POC PATCH This Week

The merge.recursive function in the merge package <1.2.1 can be tricked into adding or modifying properties of the Object prototype. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Merge
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2012-2980 HIGH This Week

The Samsung and HTC onTouchEvent method implementation for Android on the T-Mobile myTouch 3G Slide, HTC Merge, Sprint EVO Shift 4G, HTC ChaCha, AT&T Status, HTC Desire Z, T-Mobile G2, T-Mobile. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Samsung Google Authentication Bypass Status Chacha +7
NVD
CVSS 2.0
7.1
EPSS
3.2%
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

merge is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution'). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Merge
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

The merge.recursive function in the merge package <1.2.1 can be tricked into adding or modifying properties of the Object prototype. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Merge
NVD
EPSS 3% CVSS 7.1
HIGH This Week

The Samsung and HTC onTouchEvent method implementation for Android on the T-Mobile myTouch 3G Slide, HTC Merge, Sprint EVO Shift 4G, HTC ChaCha, AT&T Status, HTC Desire Z, T-Mobile G2, T-Mobile. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Samsung Google Authentication Bypass +9
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy