GHSA-CMXG-94MG-JQ94 @tmlmobilidade/utils has prototype pollution in its setValueAtPath

Impact Prototype pollution vulnerability in @tmlmobilidade/utils for setValueAtPath. Patches A fix is available in versions 20260509.0340.15 and up...

Prototype Pollution

Overview @tmlmobilidade/utils is an A collection of utility functions and helpers for the TML Mobilidade Go monorepo, providing common functionality for batching operations, caching, HTTP requests, object manipulation, permissions, and more. Affected versions of this package are vulnerable to...

@tmlmobilidade/utils has prototype pollution in its setValueAtPath

Impact Prototype pollution vulnerability in @tmlmobilidade/utils for setValueAtPath. Patches A fix is available in versions 20260509.0340.15 and up...

PT-2026-41773

Impact Prototype pollution vulnerability in @tmlmobilidade/utils for setValueAtPath. Patches A fix is available in versions 20260509.0340.15 and up...

Prototype Pollution

json-ptr is vulnerable to prototype pollution. The vulnerability exists in 'setValueAtPath' and 'unsetValueAtPath' functions in 'util.ts' because the type of user provided keys are not properly validated. An attacker is able to inject properties into existing construct prototypes and modify...