org.webjars.npm:ts-deepmerge@7.0.2

  • latest version

    7.0.3

  • first published

    6 months ago

  • latest version published

    6 months ago

  • licenses detected

  • package registry

  • Direct Vulnerabilities

    Known vulnerabilities in the org.webjars.npm:ts-deepmerge package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Uncaught Exception

    org.webjars.npm:ts-deepmerge is an a deep merge function that automatically infers the return type based on your input, without mutating the source objects.

    Affected versions of this package are vulnerable to Uncaught Exception due to the improper handling of built-in Object.prototype methods (such as toString, valueOf). When user-controlled input contains these keys with non-function values, the resulting merged object becomes broken — any string context operation throws a TypeError, crashing the application.

    How to fix Uncaught Exception?

    A fix was pushed into the master branch but not yet published.

    [0,)