MEDIUM 5.6
GHSA-77xq-cpvg-7xm2
Prototype pollution in @tsed/core
Details
This affects the package @tsed/core before 5.65.7. This vulnerability relates to the `deepExtend` function which is used as part of the utils directory. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.
Are you affected?
Enter the version of the package you're using.
Affected packages
References
- https://nvd.nist.gov/vuln/detail/CVE-2020-7748 [ADVISORY]
- https://github.com/TypedProject/tsed/commit/1395773ddac35926cf058fc6da9fb8e82266761b [WEB]
- https://github.com/TypedProject/tsed/blob/production/packages/core/src/utils/deepExtends.ts%23L36 [WEB]
- https://github.com/tsedio/tsed [PACKAGE]
- https://snyk.io/vuln/SNYK-JS-TSEDCORE-1019382 [WEB]