CVE-2018-3722

merge-deep node module before 3.0.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.

merge-deep node module before 3.0.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.

Versions of `merge-deep` before 3.0.1 are vulnerable to prototype pollution via merging functions. ## Recommendation Update to version 3.0.1 or later.

Versions of `merge-deep` before 3.0.1 are vulnerable to prototype pollution via merging functions. ## Recommendation Update to version 3.0.1 or later.

El módulo de node merge-deep en versiones anteriores a la 3.0.1 se ve afectada por una vulnerabilidad MAID (modificación de datos asumidos como asumible), lo que permite que un usuario malicioso modifique el prototipo de "Object" mediante __proto__, provocando la adición o modificación de una propiedad existente que va a existir en todos los objetos.