CVE-2020-28271

CVE-2020-28271 corresponds to a prototype-pollution vulnerability in the deephas package, affecting versions 1.0.0 through 1.0.5. The root cause is a prototype pollution flaw that enables an attacker to cause a denial of service and may lead to remote code execution. The vulnerability has modern ...

CVE-2026-25047

CVE-2026-25047 affects the deephas npm package, specifically version 1.0.7, which contains a prototype pollution vulnerability in its handling of nested object keys. The issue allows an attacker to modify global object behavior (e.g., via constructor.prototype.polluted or proto .polluted) and can...