Headline
CVE-2022-24802: Build software better, together
deepmerge-ts is a typescript library providing functionality to deep merging of javascript objects. deepmerge-ts is vulnerable to Prototype Pollution via file deepmerge.ts, function defaultMergeRecords(). This issue has been patched in version 4.0.2. There are no known workarounds for this issue.
Prototype Pollution in deepmerge-ts
Package
npm deepmerge-ts (npm)
Description
deepmerge-ts is vulnerable to Prototype Pollution via file deepmerge.ts, function defaultMergeRecords().
CVE ID
CVE-2022-24802
GHSA ID
GHSA-r9w3-g83q-m6hq
CWEs