Vulnerabilities > CVE-2020-7748 - Unspecified vulnerability in Ts.Ed Project Ts.Ed

CVSS 8.1 - HIGH

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

high complexity

ts-ed-project

NVD

Published: 2020-10-20

Updated: 2022-12-02

Summary

This affects the package @tsed/core before 5.65.7. This vulnerability relates to the deepExtend function which is used as part of the utils directory. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.

Vulnerable Configurations

Part	Description	Count
Application	Ts.Ed_Project Ts.Ed Project Ts.Ed *	1

References

https://snyk.io/vuln/SNYK-JS-TSEDCORE-1019382
https://github.com/TypedProject/tsed/commit/1395773ddac35926cf058fc6da9fb8e82266761b
https://github.com/TypedProject/tsed/blob/production/packages/core/src/utils/deepExtends.ts%23L36