CVE-2026-45325: @tmlmobilidade/utils has prototype pollution in its setValueAtPath
Prototype pollution vulnerability in @tmlmobilidade/utils for setValueAtPath().
References
- github.com/advisories/GHSA-cmxg-94mg-jq94
- github.com/tmlmobilidade/go/blob/prd/packages/utils/src/generic/value-at-path.ts
- github.com/tmlmobilidade/go/commit/b10505baa7ba0701f830a05f3007c0a6bdd00eb7
- github.com/tmlmobilidade/go/security/advisories/GHSA-cmxg-94mg-jq94
- nvd.nist.gov/vuln/detail/CVE-2026-45325
Code Behaviors & Features
Detect and mitigate CVE-2026-45325 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →