4 matches found
@gearedminds/tsed-api-support (=2.0.0), @kabuce/api (=0.0.1-alpha.42) +20 more potentially affected by CVE-2020-7748 via @tsed/core (>=4.0.0 <=5.65.6)
@tsed/core NPM version =4.0.0, =5.0.4, =5.0.4, =5.0.4, =5.34.2, =5.60.0, =5.0.4, =5.0.4, =5.34.2, =5.45.0, =5.60.0, =5.34.2, =5.0.4, =5.0.4, =5.47.0 and more Source cves: CVE-2020-7748 Source advisory: OSV:GHSA-77XQ-CPVG-7XM2...
CVE-2020-7748
This affects the package @tsed/core before 5.65.7. This vulnerability relates to the deepExtend function which is used as part of the utils directory. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program...
CVE-2020-7748 Prototype Pollution
This affects the package @tsed/core before 5.65.7. This vulnerability relates to the deepExtend function which is used as part of the utils directory. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program...
CVE-2020-7748
The CVE-2020-7748 entry affects the @tsed/core package (versions prior to 5.65.7) and is due to the deepExtend utility in the utils directory. The vulnerability enables prototype pollution when user input is supplied, allowing an attacker to overwrite properties on Object.prototype, with potentia...