Description
All versions of package merge-change are vulnerable to Prototype Pollution via the utils.set function.
Remediation
References
https://github.com/VladimirShestakov/merge-change/blob/9901f145e06158f284f52de42e6ba5b0f702fb65/utils.js%23L89-L123
https://snyk.io/vuln/SNYK-JS-MERGECHANGE-1310985
Related Vulnerabilities
CVE-2022-25871 Vulnerability in npm package querymen
CVE-2021-21297 Vulnerability in npm package @node-red/runtime
CVE-2022-36364 Vulnerability in maven package org.apache.calcite.avatica:avatica-core
CVE-2021-21290 Vulnerability in maven package io.netty:netty-codec-http
CVE-2022-21169 Vulnerability in npm package express-xss-sanitizer