← Volver a CVEs
CVE-2026-25047
HIGH8.8
Descripcion
deepHas provides a test for the existence of a nested object key and optionally returns that key. A prototype pollution vulnerability exists in version 1.0.7 of the deephas npm package that allows an attacker to modify global object behavior. This issue was fixed in version 1.0.8.
Detalles CVE
Puntuacion CVSS v3.18.8
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Vector de ataqueLOCAL
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado1/29/2026
Ultima modificacion2/25/2026
Fuentenvd
Avistamientos honeypot0
Productos afectados
sharpred:deephas
Debilidades (CWE)
CWE-1321
Referencias
https://github.com/sharpred/deepHas/commit/8097fafd3776c613d8066546653e0d2c7b5fc465(security-advisories@github.com)
https://github.com/sharpred/deepHas/security/advisories/GHSA-2733-6c58-pf27(security-advisories@github.com)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.