{"vulnerability": "CVE-2021-23470", "sightings": [{"uuid": "664f30c3-dbb9-4ea8-9e8c-dd32bf872c3e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-23470", "type": "seen", "source": "https://t.me/cibsecurity/36873", "content": "\u203c CVE-2021-23470 \u203c\n\nThis affects the package putil-merge before 3.8.0. The merge() function does not check the values passed into the argument. An attacker can supply a malicious value by adjusting the value to include the constructor property. Note: This vulnerability derives from an incomplete fix in https://security.snyk.io/vuln/SNYK-JS-PUTILMERGE-1317077\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-04T22:36:26.000000Z"}]}