Описание
ts-deepmerge before 2.0.2 vulnerable to Prototype Pollution
The package ts-deepmerge before version 2.0.2 is vulnerable to Prototype Pollution due to missing sanitization of the merge function.
Пакеты
Наименование
ts-deepmerge
npm
Затронутые версииВерсия исправления
< 2.0.2
2.0.2
Связанные уязвимости
CVSS3: 7.5
nvd
больше 3 лет назад
The package ts-deepmerge before 2.0.2 are vulnerable to Prototype Pollution due to missing sanitization of the merge function.