Merge
Monthly
merge is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution'). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
The merge.recursive function in the merge package <1.2.1 can be tricked into adding or modifying properties of the Object prototype. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The Samsung and HTC onTouchEvent method implementation for Android on the T-Mobile myTouch 3G Slide, HTC Merge, Sprint EVO Shift 4G, HTC ChaCha, AT&T Status, HTC Desire Z, T-Mobile G2, T-Mobile. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.
merge is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution'). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
The merge.recursive function in the merge package <1.2.1 can be tricked into adding or modifying properties of the Object prototype. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The Samsung and HTC onTouchEvent method implementation for Android on the T-Mobile myTouch 3G Slide, HTC Merge, Sprint EVO Shift 4G, HTC ChaCha, AT&T Status, HTC Desire Z, T-Mobile G2, T-Mobile. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.