CVE-2022-25907: ts-deepmerge before 2.0.2 vulnerable to Prototype Pollution
(updated )
The package ts-deepmerge before 2.0.2 is vulnerable to Prototype Pollution due to missing sanitization of the merge function.
References
Detect and mitigate CVE-2022-25907 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →