Vulnerability Details CVE-2020-7748
This affects the package @tsed/core before 5.65.7. This vulnerability relates to the deepExtend function which is used as part of the utils directory. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.1%
CVSS Severity
CVSS v3 Score 5.6
CVSS v2 Score 6.8
References
- https://github.com/TypedProject/tsed/blob/production/packages/core/src/utils/deepExtends.ts%23L36
- https://github.com/TypedProject/tsed/commit/1395773ddac35926cf058fc6da9fb8e82266761b
- https://snyk.io/vuln/SNYK-JS-TSEDCORE-1019382
- https://github.com/TypedProject/tsed/blob/production/packages/core/src/utils/deepExtends.ts%23L36
- https://github.com/TypedProject/tsed/commit/1395773ddac35926cf058fc6da9fb8e82266761b
- https://snyk.io/vuln/SNYK-JS-TSEDCORE-1019382
Products affected by CVE-2020-7748
-
cpe:2.3:a:ts.ed_project:ts.ed:*