IgorGarofano

1 exploit Active since Jun 2026
CVE-2026-12644 WRITEUP MEDIUM WRITEUP
Ts-deepmerge < 8.0.0 - Uncaught Exception
Versions of the package ts-deepmerge before 8.0.0 are vulnerable to Uncaught Exception due to the improper handling of built-in Object.prototype methods (such as toString, valueOf). When user-controlled input contains these keys with non-function values, the resulting merged object becomes broken — any string context operation throws a TypeError, crashing the application.
CVSS 5.3