deepmerge-ts 安全漏洞

deepmerge-ts is an npm package. It is used to deep merge 2 or more objects with respect to type information. A security vulnerability exists in deepmerge-ts that stems from prototype contamination in the defaultMergeRecords function of the deepmerge.ts file...

Prototype Pollution in comb

All versions of package comb are vulnerable to Prototype Pollution via the deepMerge function...

GHSA-VXR4-RXW7-G7V6 Prototype Pollution in comb

All versions of package comb are vulnerable to Prototype Pollution via the deepMerge function...

Prototype Pollution in sey

All versions of package sey are vulnerable to Prototype Pollution via the deepmerge function...

GHSA-WJPC-CGVW-XX23 Prototype Pollution in sey

All versions of package sey are vulnerable to Prototype Pollution via the deepmerge function...

Prototype Pollution

comb is vulnerable to prototype pollution. The function deepMerge allows an attacker to get control of value of “path” and modify attributes such as proto, constructor and prototype...

CVE-2021-23561

All versions of package comb are vulnerable to Prototype Pollution via the deepMerge function...

CVE-2021-23663

All versions of package sey are vulnerable to Prototype Pollution via the deepmerge function...

Design/Logic Flaw

All versions of package comb are vulnerable to Prototype Pollution via the deepMerge function...

CVE-2021-23663

CVE-2021-23663 affects the JavaScript package sey across all versions, with prototype pollution via deepmerge(). The attackable component is the deepmerge() function, enabling property injection into Object.prototype and potential DoS or remote code execution. The connected sources confirm all ve...

CVE-2021-23561

CVE-2021-23561 affects the npm package comb, where the deepMerge() function enables Prototype Pollution. The vulnerability arises from unsafe recursive merge and path-based property assignment, allowing an attacker to modify Object.prototype properties (e.g., proto , constructor, prototype). Docu...

CVE-2021-23561 Prototype Pollution

All versions of package comb are vulnerable to Prototype Pollution via the deepMerge function...

Eserozvataf Sey 代码问题漏洞

Eserozvataf Sey is a simple JavaScript bundler with declarative and simple configuration. A code issue vulnerability exists in Eserozvataf Sey, which arises from the product's susceptibility to prototype contamination by the deepmerge function. The following products and versions are affected:...

Prototype Pollution

Overview comb is a framework for node Affected versions of this package are vulnerable to Prototype Pollution via the deepMerge function. PoC: // PoC.js var deepMerge = require"comb/lib/base/object.js".deepMerge var obj = var maliciouspayload = '"proto":"polluted":"Yes! Its Polluted"';...

Prototype Pollution

Overview sey is a Simple JavaScript build tool with declarative and easy configuration Affected versions of this package are vulnerable to Prototype Pollution via the deepmerge function. PoC // Create the following PoC file: // PoC.js var deepmerge = require"sey/lib/utils/deepmerge.js" var obj =...

Prototype Pollution in deepmergefn

All versions of package deepmergefn are vulnerable to Prototype Pollution via deepMerge function...

GHSA-VJ72-MWRJ-M2XQ Prototype Pollution in deepmergefn

All versions of package deepmergefn are vulnerable to Prototype Pollution via deepMerge function...

CVE-2021-23417

All versions of package deepmergefn are vulnerable to Prototype Pollution via deepMerge function...

CVE-2021-23417

All versions of package deepmergefn are vulnerable to Prototype Pollution via deepMerge function...

deepmergefn 安全漏洞

deepmergefn is an application. A deepmergefn mixes two data objects. deepmergefn suffers from a security vulnerability that stems from vulnerability to prototype contamination via the deepMerge function, which can be exploited by attackers to cause remote code execution...