CVE-2020-7748: Uncontrolled Resource Consumption

October 20, 2020 (updated July 21, 2021)

This affects the package @tsed/core This vulnerability relates to the deepExtend function which is used as part of the utils directory. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.

References

nvd.nist.gov/vuln/detail/CVE-2020-7748

Code Behaviors & Features

Detect and mitigate CVE-2020-7748 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →