ts-deepmerge is vulnerable to pollution prototype. The vulnerability exists because of missing sanitization of the merge parameters in ‘src/index.test.ts’, allowing an attacker to inject malicious characteristics to add new values to a javascript application object prototype,overwriting or contaminating the base object.
CPE | Name | Operator | Version |
---|---|---|---|
ts-deepmerge | le | 2.0.1 | |
ts-deepmerge | le | 2.0.1 |