GHSA-77xq-cpvg-7xm2
Suggest an improvement- Source
- https://github.com/advisories/GHSA-77xq-cpvg-7xm2
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/05/GHSA-77xq-cpvg-7xm2/GHSA-77xq-cpvg-7xm2.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-77xq-cpvg-7xm2
- Aliases
- Published
- 2021-05-10T19:07:56Z
- Modified
- 2024-05-08T06:58:44.701641Z
- Severity
-
- 5.6 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
- Summary
- Prototype pollution in @tsed/core
- Details
-
This affects the package @tsed/core before 5.65.7. This vulnerability relates to the
deepExtendfunction which is used as part of the utils directory. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program. - Database specific
{ "nvd_published_at": "2020-10-20T11:15:00Z", "cwe_ids": [ "CWE-1321", "CWE-915" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2021-04-20T17:41:36Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2020-7748
- https://github.com/TypedProject/tsed/commit/1395773ddac35926cf058fc6da9fb8e82266761b
- https://github.com/TypedProject/tsed/blob/production/packages/core/src/utils/deepExtends.ts%23L36
- https://github.com/tsedio/tsed
- https://snyk.io/vuln/SNYK-JS-TSEDCORE-1019382
Affected packages
npm / @tsed/core
Package
- Name
- @tsed/core
- View open source insights on deps.dev
- Purl
- pkg:npm/%40tsed/core