EUVD-2022-6507

Malicious code in bioql PyPI...

Prototype Pollution

ts-deepmerge is vulnerable to pollution prototype. The vulnerability exists because of missing sanitization of the merge parameters in 'src/index.test.ts', allowing an attacker to inject malicious characteristics to add new values to a javascript application object prototype,overwriting or...

GHSA-7QQQ-GH2F-WQ76 ts-deepmerge before 2.0.2 vulnerable to Prototype Pollution

The package ts-deepmerge before version 2.0.2 is vulnerable to Prototype Pollution due to missing sanitization of the merge function...

@alloyify/anvil (>=1.1.2 <=1.1.4), @alloyify/devkit (>=1.1.2 <=1.1.4) +68 more potentially affected by CVE-2022-25907 via ts-deepmerge (>=1.0.5 <=2.0.1)

ts-deepmerge NPM version =1.0.5, =1.1.2, =1.1.2, =1.1.2, =1.1.2, =0.0.2, =0.2.0, =0.1.1, =2.4.6-alpha.3, =1.1.0, =0.1.0, =0.12.2, =0.0.1, =1.0.0-beta.1, =1.0.6 and more Source cves: CVE-2022-25907 Source advisory: OSV:GHSA-7QQQ-GH2F-WQ76...

ts-deepmerge before 2.0.2 vulnerable to Prototype Pollution

The package ts-deepmerge before version 2.0.2 is vulnerable to Prototype Pollution due to missing sanitization of the merge function...

CVE-2022-25907

The package ts-deepmerge before 2.0.2 are vulnerable to Prototype Pollution due to missing sanitization of the merge function...

CVE-2022-25907

The package ts-deepmerge before 2.0.2 are vulnerable to Prototype Pollution due to missing sanitization of the merge function...

CVE-2022-25907

CVE-2022-25907 affects the npm package ts-deepmerge prior to 2.0.2 and is caused by missing sanitization in the merge function, enabling prototype pollution. The vulnerability is described across multiple sources as allowing modification/ contamination of Object.prototype, with potential impact o...

CVE-2022-25907 Prototype Pollution

The package ts-deepmerge before 2.0.2 are vulnerable to Prototype Pollution due to missing sanitization of the merge function...

CVE-2022-25907

The package ts-deepmerge before 2.0.2 are vulnerable to Prototype Pollution due to missing sanitization of the merge function...

PT-2022-17598 · Unknown · Ts-Deepmerge

Name of the Vulnerable Software and Affected Versions: ts-deepmerge versions prior to 2.0.2 Description: The issue is related to Prototype Pollution due to missing sanitization of the merge function. This allows for potential manipulation of the prototype, leading to various security issues...

@alloyify/anvil (>=1.1.2 <=1.1.4), @alloyify/devkit (>=1.1.2 <=1.1.4) +12 more potentially affected by CVE-2022-25907 via ts-deepmerge (=2.0.1)

ts-deepmerge NPM version =2.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on ts-deepmerge and may be impacted: - @alloyify/anvil =1.1.2, =1.1.2, =1.1.2, =1.1.2, =0.0.0-canary-20220330074435, =0.0.0-canary-20220330074435, =5.0.24, =11.1.27, =4.0.22,...