Vulnerabilities > CVE-2022-25907 - Unspecified vulnerability in Typescript Deep Merge Project Typescript Deep Merge
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
The package ts-deepmerge before 2.0.2 are vulnerable to Prototype Pollution due to missing sanitization of the merge function.
Vulnerable Configurations
References
- https://github.com/voodoocreation/ts-deepmerge/commit/9be5148773343c57be9de39728d6ead18eddf10b
- https://github.com/voodoocreation/ts-deepmerge/commit/9be5148773343c57be9de39728d6ead18eddf10b
- https://github.com/voodoocreation/ts-deepmerge/releases/tag/2.0.2
- https://github.com/voodoocreation/ts-deepmerge/releases/tag/2.0.2
- https://security.snyk.io/vuln/SNYK-JS-TSDEEPMERGE-2959975
- https://security.snyk.io/vuln/SNYK-JS-TSDEEPMERGE-2959975