Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Prototype Pollution in deepmerge-ts
Vulnerability Description
deepmerge-ts is a typescript library providing functionality to deep merging of javascript objects. deepmerge-ts is vulnerable to Prototype Pollution via file deepmerge.ts, function defaultMergeRecords(). This issue has been patched in version 4.0.2. There are no known workarounds for this issue.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
CWE-915
Vulnerability Title
deepmerge-ts 安全漏洞
Vulnerability Description
deepmerge-ts是一个npm包。用于深度合并 2 个或更多关于类型信息的对象。 deepmerge-ts 存在安全漏洞,该漏洞源于 deepmerge.ts 文件的 defaultMergeRecords() 函数的原型污染。
CVSS Information
N/A
Vulnerability Type
N/A