CVE-2020-7748
5.6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Summary
This affects the package @tsed/core before 5.65.7. This vulnerability relates to the deepExtend function which is used as part of the utils directory. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | @tsed/core | unspecified < 5.65.7 | affected |
Weaknesses
- Prototype Pollution
ADP Enrichment
CVE Program Container
Additional References
- https://snyk.io/vuln/SNYK-JS-TSEDCORE-1019382
- https://github.com/TypedProject/tsed/blob/production/packages/core/src/utils/deepExtends.ts%23L36
- https://github.com/TypedProject/tsed/commit/1395773ddac35926cf058fc6da9fb8e82266761b
References
- https://snyk.io/vuln/SNYK-JS-TSEDCORE-1019382
- https://github.com/TypedProject/tsed/blob/production/packages/core/src/utils/deepExtends.ts%23L36
- https://github.com/TypedProject/tsed/commit/1395773ddac35926cf058fc6da9fb8e82266761b
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.