11 matches found
EUVD-2021-0990
Malware in sbrugna...
Prototype Pollution
@tsed/core is vulnerable to Prototype Pollution. The vulnerability is due to the deepExtend function which lacks proper validation, allowing an attacker to overwrite and pollute the object prototype of a program when user input is provided...
@gearedminds/tsed-api-support (=2.0.0), @kabuce/api (=0.0.1-alpha.42) +20 more potentially affected by CVE-2020-7748 via @tsed/core (>=4.0.0 <=5.65.6)
@tsed/core NPM version =4.0.0, =5.0.4, =5.0.4, =5.0.4, =5.34.2, =5.60.0, =5.0.4, =5.0.4, =5.34.2, =5.45.0, =5.60.0, =5.34.2, =5.0.4, =5.0.4, =5.47.0 and more. Source CVEs: CVE-2020-7748. Source advisory: OSV:GHSA-77XQ-CPVG-7XM2...
GHSA-77XQ-CPVG-7XM2 Prototype pollution in @tsed/core
This affects the package @tsed/core before 5.65.7. This vulnerability relates to the deepExtend function which is used as part of the utils directory. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program...
Prototype pollution in @tsed/core
This affects the package @tsed/core before 5.65.7. This vulnerability relates to the deepExtend function which is used as part of the utils directory. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program...
CVE-2020-7748
This affects the package @tsed/core before 5.65.7. This vulnerability relates to the deepExtend function which is used as part of the utils directory. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program...
CVE-2020-7748
This affects the package @tsed/core before 5.65.7. This vulnerability relates to the deepExtend function which is used as part of the utils directory. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program...
Directory traversal
This affects the package @tsed/core before 5.65.7. This vulnerability relates to the deepExtend function which is used as part of the utils directory. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program...
CVE-2020-7748
The CVE-2020-7748 entry affects the @tsed/core package (versions prior to 5.65.7) and is due to the deepExtend utility in the utils directory. The vulnerability enables prototype pollution when user input is supplied, allowing an attacker to overwrite properties on Object.prototype, with potentia...
PT-2020-19764 · Tsed · @Tsed/Core
Name of the Vulnerable Software and Affected Versions: @tsed/core versions prior to 5.65.7. Description: This issue relates to the deepExtend function, part of the utils directory. Depending on user input, an attacker can overwrite and pollute the object prototype of a program. Recommendations: Fo...
@gearedminds/tsed-api-support (=2.0.0), @kabuce/api (=0.0.1-alpha.42) +18 more potentially affected by CVE-2020-7748 via @tsed/core (>=5.0.1 <=5.65.6)
@tsed/core NPM version =5.0.1, =5.0.4, =5.0.4, =5.0.4, =5.34.2, =5.60.0, =5.0.4, =5.0.4, =5.34.2, =5.45.0, =5.60.0, =5.34.2, =5.0.4, =5.0.4, =5.47.0 and more. Source CVEs: CVE-2020-7748. Source advisory: SNYK:JS-TSEDCORE-1019382...