← voltar
CVE-2020-7748

Prototype Pollution

CVSS 5.6 MEDIUMEPSS 1.7%
This affects the package @tsed/core before 5.65.7. This vulnerability relates to the deepExtend function which is used as part of the utils directory. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Produtos afetados
n/a · @tsed/core

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/TypedProject/tsed/blob/production/packages/core/src/utils/deepExtends.ts%23L36https://github.com/TypedProject/tsed/commit/1395773ddac35926cf058fc6da9fb8e82266761bhttps://snyk.io/vuln/SNYK-JS-TSEDCORE-1019382