Skip to content

deepmerge-ts dependency <4.0.2 has a security vulnerability CVE-2022-24802 #357

New issue
New issue
Closed
#359
Closed
deepmerge-ts dependency <4.0.2 has a security vulnerability CVE-2022-24802#357
#359
Labels
Resolution: FixedThe issue has been fixed.Status: ReleasedIt's now live.Status: TriageThis issue needs to be triaged.Type: BugInconsistencies or issues which will cause a problem for users or implementors.
@radomirbosak

Description

@radomirbosak
radomirbosak
opened on Apr 6, 2022

Bug Report

deepmerge-js < 4.0.2 apparently contains a Prototype Pollution security vulnerability as reported in

https://security.snyk.io/vuln/SNYK-JS-DEEPMERGETS-2438399
https://nvd.nist.gov/vuln/detail/CVE-2022-24802

Proposed changes

Update the deepmerge-js to version >= 4.0.2 in package.json

Thank you!

Metadata

Metadata

Assignees

No one assigned

    Labels

    Resolution: FixedThe issue has been fixed.Status: ReleasedIt's now live.Status: TriageThis issue needs to be triaged.Type: BugInconsistencies or issues which will cause a problem for users or implementors.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions