Lucene search

PRIOn knowledge basePRION:CVE-2022-25907

HistoryAug 09, 2022 - 5:15 a.m.

Design/Logic Flaw

2022-08-0905:15:00

PRIOn knowledge base

www.prio-n.com

prototype pollution

missing sanitization

vulnerable package

nvd

9.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.3%

The package ts-deepmerge before 2.0.2 are vulnerable to Prototype Pollution due to missing sanitization of the merge function.

CPENameOperatorVersion
typescript_deep_mergelt2.0.2

CPE	Name	Operator	Version
	typescript_deep_merge	lt	2.0.2

References

github.com/voodoocreation/ts-deepmerge/commit/9be5148773343c57be9de39728d6ead18eddf10b

github.com/voodoocreation/ts-deepmerge/releases/tag/2.0.2

security.snyk.io/vuln/SNYK-JS-TSDEEPMERGE-2959975