The package ts-deepmerge before 2.0.2 are vulnerable to Prototype Pollution due to missing sanitization of the merge function.
References
Link | Resource |
---|---|
https://github.com/voodoocreation/ts-deepmerge/commit/9be5148773343c57be9de39728d6ead18eddf10b | Patch Third Party Advisory |
https://github.com/voodoocreation/ts-deepmerge/releases/tag/2.0.2 | Release Notes Third Party Advisory |
https://security.snyk.io/vuln/SNYK-JS-TSDEEPMERGE-2959975 | Exploit Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: snyk
Published: 2022-08-09T00:00:00
Updated: 2022-08-09T05:00:17
Reserved: 2022-02-24T00:00:00
Link: CVE-2022-25907
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-08-09T05:15:07.373
Modified: 2022-08-12T14:54:14.517
Link: CVE-2022-25907
JSON object: View
Redhat Information
No data.
CWE