MEDIUM 5.3
GHSA-87mf-gv2c-c62c
ts-deepmerge: Prototype Method Override leads to DoS
Details
Versions of the package ts-deepmerge before 8.0.0 are vulnerable to Uncaught Exception due to the improper handling of built-in Object.prototype methods (such as toString, valueOf). When user-controlled input contains these keys with non-function values, the resulting merged object becomes broken — any string context operation throws a TypeError, crashing the application.
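The failure mode described above, as an added JavaScript example that is not taken from ts-deepmerge or its patch. `naiveMerge`, `guardedMerge` and `stringContextError` are hypothetical helpers, the guard is one possible mitigation rather than the project's fix, and the input is constructed.

```javascript
// Added example: simplified merge helpers, not ts-deepmerge's source.
const isPlainObject = (v) =>
  v !== null && typeof v === "object" && !Array.isArray(v);

// Naive recursive merge: copies every own key, including keys that shadow
// Object.prototype methods such as toString.
function naiveMerge(...sources) {
  const out = {};
  for (const src of sources) {
    for (const key of Object.keys(src)) {
      out[key] = isPlainObject(out[key]) && isPlainObject(src[key])
        ? naiveMerge(out[key], src[key])
        : src[key];
    }
  }
  return out;
}

// Guarded merge (hypothetical mitigation): skip a key when Object.prototype
// defines it as a function and the incoming value is not a function.
function guardedMerge(...sources) {
  const out = {};
  for (const src of sources) {
    for (const key of Object.keys(src)) {
      const shadowsMethod = typeof Object.prototype[key] === "function";
      if (shadowsMethod && typeof src[key] !== "function") continue;
      out[key] = isPlainObject(out[key]) && isPlainObject(src[key])
        ? guardedMerge(out[key], src[key])
        : src[key];
    }
  }
  return out;
}

// Returns the name of the error thrown when obj is stringified, or null.
function stringContextError(obj) {
  try {
    String(obj);
    return null;
  } catch (err) {
    return err.name;
  }
}

// Constructed input: JSON as it might arrive in a request body.
const untrusted = JSON.parse('{"toString":1,"prefs":{"toString":"x"}}');
const defaults = { name: "default", prefs: { theme: "dark" } };
```

Calling `stringContextError(naiveMerge(defaults, untrusted))` reports a `TypeError`, while the same call on the `guardedMerge` result returns `null` and the merged `prefs.theme` value is preserved.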
Affected packages
References
- https://nvd.nist.gov/vuln/detail/CVE-2026-12644 [ADVISORY]
- https://github.com/voodoocreation/ts-deepmerge/commit/305a05831a462fb2c353d3cbbff55a0733286f8c [WEB]
- https://gist.github.com/igorg1312/775fa00114c4d47df6ae0551779ab407 [WEB]
- https://github.com/voodoocreation/ts-deepmerge [PACKAGE]
- https://security.snyk.io/vuln/SNYK-JS-TSDEEPMERGE-17339141 [WEB]