CVE-2020-7748

High

This affects the package @tsed/core before 5.65.7. This vulnerability relates to the deepExtend function which is used as part of the utils…

snyk·CWE-1321·Published 2020-10-20

CVSS

8.1

EPSS

0.02

KEV

Exploits

cve.orgen

263 chars

This affects the package @tsed/core before 5.65.7. This vulnerability relates to the deepExtend function which is used as part of the utils directory. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.

NVDen

263 chars

OSV.deven

265 chars

This affects the package @tsed/core before 5.65.7. This vulnerability relates to the `deepExtend` function which is used as part of the utils directory. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.

GHSAen

265 chars

NVDes

317 chars

Esto afecta al paquete @tsed/core versiones anteriores a 5.65.7. Esta vulnerabilidad se relaciona con la función deepExtend que es usada como parte del directorio utils. Dependiendo de si se proporciona la entrada de usuario, un atacante puede sobrescribir y contaminar el prototipo de objeto de un programa

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P
3.1	Primary	NVD	8.1	2.2	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	cve.org	5.6	—	—	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
3.1	Primary	cve.org	5.6	—	—	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
3.1	Secondary	GHSA	5.6	—	—	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
3.1	Secondary	NVD	5.6	2.2	3.4	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L