Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A prototype pollution vulnerability exists in the ts-fns package versions prior to 13.0.7, where insufficient validation of user-provided keys in the assign function allows attackers to manipulate the Object.prototype chain. By leveraging this flaw, adversaries may inject arbitrary properties into the global object's prototype, potentially leading to application crashes, unexpected code execution behaviors, or bypasses of security-critical validation logic dependent on prototype integrity. The vulnerability stems from improper handling of deep property assignment operations within the library's public API functions. This issue remains unaddressed in the latest available version.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ts-fns 安全漏洞
Vulnerability Description
ts-fns是tangshuang个人开发者的一个java库 ts-fns 13.0.7之前版本存在安全漏洞,该漏洞源于assign函数对用户提供键的验证不足,可能导致原型污染攻击。
CVSS Information
N/A
Vulnerability Type
N/A