CVE-2020-7748 Information

Description

This affects the package @tsed/core before 5.65.7. The vulnerability is in the deepExtend function, which is part of the utils directory. If user-supplied input reaches this function, an attacker can overwrite and pollute the object prototype of a program.
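A generic illustration of this bug class, added here and not taken from the @tsed/core source: an unguarded recursive merge next to a hardened one. The function names, the blocked-key list and the payload are constructed for the example.

```javascript
// Added example: generic deep merges, NOT the @tsed/core implementation.
const BLOCKED_KEYS = new Set(["__proto__", "constructor", "prototype"]);
const isPlainObject = (v) =>
  v !== null && typeof v === "object" && !Array.isArray(v);

// Unguarded: Object.keys() returns the own "__proto__" key that JSON.parse
// creates, and target["__proto__"] resolves to Object.prototype, so the
// recursion writes straight into the shared prototype.
function unsafeDeepExtend(target, src) {
  for (const key of Object.keys(src)) {
    if (isPlainObject(src[key])) {
      if (!isPlainObject(target[key])) target[key] = {};
      unsafeDeepExtend(target[key], src[key]);
    } else {
      target[key] = src[key];
    }
  }
  return target;
}

// Hardened: skip prototype-related keys and only recurse into properties
// the target owns itself, never into inherited ones.
function safeDeepExtend(target, src) {
  for (const key of Object.keys(src)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const value = src[key];
    if (isPlainObject(value)) {
      const own = Object.prototype.hasOwnProperty.call(target, key);
      const child = own && isPlainObject(target[key]) ? target[key] : {};
      target[key] = safeDeepExtend(child, value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Constructed input standing in for a parsed request body.
function demo() {
  const body = '{"settings":{"theme":"dark"},"__proto__":{"polluted":true}}';
  unsafeDeepExtend({}, JSON.parse(body));
  const unsafePolluted = {}.polluted === true; // every object now inherits it
  delete Object.prototype.polluted;            // undo before the second run
  const merged = safeDeepExtend({}, JSON.parse(body));
  const safePolluted = {}.polluted === true;
  return { unsafePolluted, safePolluted, merged };
}
```

Freezing `Object.prototype` at start-up or merging into objects created with `Object.create(null)` are complementary defences when the merge helper itself cannot be changed.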

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Reference

https://github.com/TypedProject/tsed/blob/production/packages/core/src/utils/deepExtends.ts#L36

https://github.com/TypedProject/tsed/commit/1395773ddac35926cf058fc6da9fb8e82266761b

https://snyk.io/vuln/SNYK-JS-TSEDCORE-1019382

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

Base Score

5.6

Base Severity

MEDIUM
