cvedb.io
CVE-2022-24802
HIGH · CVSS 8.1
EPSS exploitation probability: 0%
Published 2022-04-01T00:15:08.763 · Last modified 2026-06-17T04:32:33.173

Summary

deepmerge-ts is a typescript library providing functionality to deep merging of javascript objects. deepmerge-ts is vulnerable to Prototype Pollution via file deepmerge.ts, function defaultMergeRecords(). This issue has been patched in version 4.0.2. There are no known workarounds for this issue.

Affected products

deepmerge-ts_project — deepmerge-ts

Does this affect you?

Add your gear to cvedb and we'll alert you only when deepmerge-ts_project ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.