Severity: Critical
CVSS Score: 9.8
merge is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')