Home > Vulnerability Database > CVE-2020-7748

Mend.io Vulnerability Database

CVE-2020-7748

Good to know:

Date: October 20, 2020

This affects the package @tsed/core before 5.65.7. This vulnerability relates to the deepExtend function which is used as part of the utils directory. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.

Language: TYPE_SCRIPT

Severity Score

5.6

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-7748

Url: https://github.com/TypedProject/tsed/commit/1395773ddac35926cf058fc6da9fb8e82266761b

Url: https://github.com/TypedProject/tsed/blob/production/packages/core/src/utils/deepExtends.ts%23L36

Url: https://github.com/tsedio/tsed

Url: https://www.mend.io/vulnerability-database/CVE-2020-7748

Severity Score

5.6

Weakness Type (CWE)

Uncontrolled Resource Consumption

CWE-400

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CWE-1321

Improperly Controlled Modification of Dynamically-Determined Object Attributes

CWE-915

Top Fix

Upgrade Version

Upgrade to version @tsed/core - 5.65.7

Learn More

CVSS v3.1

Base Score:	5.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	6.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2020-7748

Good to know:

Date: October 20, 2020

Language: TYPE_SCRIPT

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?