CVE-2020-28499

All versions of package merge are vulnerable to Prototype Pollution via _recursiveMerge .

Source: CVE-2020-28499