3 matches found
CVE-2022-25907
CVE-2022-25907 affects the npm package ts-deepmerge prior to 2.0.2 and is caused by missing sanitization in the merge function, enabling prototype pollution. The vulnerability is described across multiple sources as allowing modification/ contamination of Object.prototype, with potential impact o...
CVE-2022-25907 Prototype Pollution
The package ts-deepmerge before 2.0.2 are vulnerable to Prototype Pollution due to missing sanitization of the merge function...
@alloyify/anvil (>=1.1.2 <=1.1.4), @alloyify/devkit (>=1.1.2 <=1.1.4) +12 more potentially affected by CVE-2022-25907 via ts-deepmerge (=2.0.1)
ts-deepmerge NPM version =2.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on ts-deepmerge and may be impacted: - @alloyify/anvil =1.1.2, =1.1.2, =1.1.2, =1.1.2, =0.0.0-canary-20220330074435, =0.0.0-canary-20220330074435, =5.0.24, =11.1.27, =4.0.22,...