Headline
GHSA-7qqq-gh2f-wq76: ts-deepmerge before 2.0.2 vulnerable to Prototype Pollution
The package ts-deepmerge before version 2.0.2 is vulnerable to Prototype Pollution due to missing sanitization of the merge function.
ts-deepmerge before 2.0.2 vulnerable to Prototype Pollution
High severity GitHub Reviewed Published Aug 10, 2022 • Updated Aug 11, 2022
Related news
CVE-2022-25907: prevent against prototype pollution · voodoocreation/ts-deepmerge@9be5148
The package ts-deepmerge before 2.0.2 are vulnerable to Prototype Pollution due to missing sanitization of the merge function.