Описание
Prototype pollution in @tsed/core
This affects the package @tsed/core before 5.65.7. This vulnerability relates to the deepExtend function which is used as part of the utils directory. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.
Пакеты
Наименование
@tsed/core
npm
Затронутые версииВерсия исправления
< 5.65.7
5.65.7
Связанные уязвимости
CVSS3: 5.6
nvd
больше 5 лет назад
This affects the package @tsed/core before 5.65.7. This vulnerability relates to the deepExtend function which is used as part of the utils directory. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.