VDB
KO
MEDIUM 5.6

GHSA-77xq-cpvg-7xm2

Prototype pollution in @tsed/core

Details

This affects the package @tsed/core before 5.65.7. This vulnerability relates to the `deepExtend` function which is used as part of the utils directory. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.

Are you affected?

Enter the version of the package you're using.

Affected packages

npm / @tsed/core
Introduced in: 0 Fixed in: 5.65.7
Fix npm install @tsed/core@5.65.7

References