2 matches found
CVE-2022-24802
deepmerge-ts is a typescript library providing functionality to deep merging of javascript objects. deepmerge-ts is vulnerable to Prototype Pollution via file deepmerge.ts, function defaultMergeRecords. This issue has been patched in version 4.0.2. There are no known workarounds for this issue...
@arachnodex/core (>=1.0.0 <=1.0.7), @arachnodex/create (>=1.0.0 <=1.0.5) +16 more potentially affected by CVE-2022-24802 via deepmerge-ts (>=1.1.7 <=3.0.1)
deepmerge-ts NPM version =1.1.7, =1.0.0, =1.0.0, =1.0.0, =0.1.3, =1.6.0, =0.2.5, =3.19.0, =1.0.16, =0.1.0, =1.0.1, =1.0.10, =4.0.0, =0.1.0, =0.5.5 and more Source cves: CVE-2022-24802 Source advisory: OSV:GHSA-R9W3-G83Q-M6HQ...