Vulnerability Description
deepmerge-ts is a TypeScript library that provides deep merging of JavaScript objects. deepmerge-ts is vulnerable to Prototype Pollution via the function defaultMergeRecords() in the file deepmerge.ts. This issue has been patched in version 4.0.2. There are no known workarounds for this issue.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Deepmerge-Ts Project | Deepmerge-Ts | < 4.0.2 |
Related Weaknesses (CWE)
References
- https://github.com/RebeccaStevens/deepmerge-ts/commit/b39f1a93d9e1c3541bd2fe159f (Patch, Third Party Advisory)
- https://github.com/RebeccaStevens/deepmerge-ts/commit/d637db7e4fb2bfb113cb4bc1c8 (Patch, Third Party Advisory)
- https://github.com/RebeccaStevens/deepmerge-ts/security/advisories/GHSA-r9w3-g83 (Third Party Advisory)
FAQ
What is CVE-2022-24802?
CVE-2022-24802 is a vulnerability with a CVSS score of 8.1 (HIGH). deepmerge-ts is a TypeScript library that provides deep merging of JavaScript objects. deepmerge-ts is vulnerable to Prototype Pollution via file deepmerge.ts, function defaultMergeRecord...
How severe is CVE-2022-24802?
CVE-2022-24802 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-24802?
Check the references section above for vendor advisories and patch information. Affected products include: Deepmerge-Ts Project Deepmerge-Ts.