Description
This affects the package @tsed/core before 5.65.7. This vulnerability relates to the deepExtend function which is used as part of the utils directory. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.
References (3)
Core 3
Core References
Exploit, Patch, Third Party Advisory x_refsource_misc
https://snyk.io/vuln/SNYK-JS-TSEDCORE-1019382
Broken Link, Patch, Third Party Advisory x_refsource_misc
https://github.com/TypedProject/tsed/blob/production/packages/core/src/utils/deepExtends.ts%23L36
Patch, Third Party Advisory x_refsource_misc
https://github.com/TypedProject/tsed/commit/1395773ddac35926cf058fc6da9fb8e82266761b
Scores
CVSS v3
5.6
EPSS
0.0170
EPSS Percentile
74.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-1321
Status
published
Products (2)
ts.ed_project/ts.ed
< 5.65.7
tsed/core
0 - 5.65.7npm
Published
Oct 20, 2020
Tracked Since
Feb 18, 2026