Launchpad.net

CVE 2019-10768

In AngularJS before 1.7.9 the function `merge()` could be tricked into adding or modifying properties of `Object.prototype` using a `__proto__` payload.

See the CVE page on Mitre.org for more details.