Skip to content

Prototype Pollution in deepmerge-ts

High
RebeccaStevens published GHSA-r9w3-g83q-m6hq Mar 31, 2022

Package

npm deepmerge-ts (npm)

Affected versions

<4.0.2

Patched versions

4.0.2

Description

deepmerge-ts is vulnerable to Prototype Pollution via file deepmerge.ts, function defaultMergeRecords().

Severity

High

CVE ID

CVE-2022-24802

Weaknesses