Описание
This affects the package @tsed/core before 5.65.7. This vulnerability relates to the deepExtend function which is used as part of the utils directory. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.
Ссылки
- Broken LinkPatchThird Party Advisory
- PatchThird Party Advisory
- ExploitPatchThird Party Advisory
- Broken LinkPatchThird Party Advisory
- PatchThird Party Advisory
- ExploitPatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 5.65.7 (исключая)
cpe:2.3:a:ts.ed_project:ts.ed:*:*:*:*:*:node.js:*:*
EPSS
Процентиль: 68%
0.00555
Низкий
5.6 Medium
CVSS3
8.1 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-1321
Связанные уязвимости
EPSS
Процентиль: 68%
0.00555
Низкий
5.6 Medium
CVSS3
8.1 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-1321