CVE-2020-7748

Prototype Pollution

CVSS 5.6 MEDIUMEPSS 1.7%

This affects the package @tsed/core before 5.65.7. This vulnerability relates to the deepExtend function which is used as part of the utils directory. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

Affected products

n/a · @tsed/core

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/TypedProject/tsed/blob/production/packages/core/src/utils/deepExtends.ts%23L36 https://github.com/TypedProject/tsed/commit/1395773ddac35926cf058fc6da9fb8e82266761b https://snyk.io/vuln/SNYK-JS-TSEDCORE-1019382