CVE-2026-25047

deepHas provides a test for the existence of a nested object key and optionally returns that key. A prototype pollution vulnerability exists in version 1.0.7 of the deephas npm package that allows an attacker to modify global object behavior. This issue was fixed in version 1.0.8.

CVSS

No CVSS.

References

Link	Resource
https://github.com/sharpred/deepHas/commit/8097fafd3776c613d8066546653e0d2c7b5fc465
https://github.com/sharpred/deepHas/security/advisories/GHSA-2733-6c58-pf27

Configurations

No configuration.

History

No history.

Information

Published : 2026-01-29 22:15

Updated : 2026-01-29 22:15

NVD link : CVE-2026-25047

Mitre link : CVE-2026-25047

CVE.ORG link : CVE-2026-25047

JSON object : View

Products Affected

No product.

CWE

CWE-1321

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

{"id": "CVE-2026-25047", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.4, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-01-29T22:15:55.647", "references": [{"url": "https://github.com/sharpred/deepHas/commit/8097fafd3776c613d8066546653e0d2c7b5fc465", "source": "security-advisories@github.com"}, {"url": "https://github.com/sharpred/deepHas/security/advisories/GHSA-2733-6c58-pf27", "source": "security-advisories@github.com"}], "vulnStatus": "Received", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-1321"}]}], "descriptions": [{"lang": "en", "value": "deepHas provides a test for the existence of a nested object key and optionally returns that key. A prototype pollution vulnerability exists in version 1.0.7 of the deephas npm package that allows an attacker to modify global object behavior. This issue was fixed in version 1.0.8."}, {"lang": "es", "value": "deepHas proporciona una prueba para la existencia de una clave de objeto anidado y opcionalmente devuelve esa clave. Existe una vulnerabilidad de contaminaci\u00f3n de prototipos en la versi\u00f3n 1.0.7 del paquete npm deephas que permite a un atacante modificar el comportamiento de objetos globales. Este problema fue solucionado en la versi\u00f3n 1.0.8."}], "lastModified": "2026-01-29T22:15:55.647", "sourceIdentifier": "security-advisories@github.com"}

CVE-2026-25047

JSON object

Attach tags to CVE-2026-25047

Attach tags to `CVE-2026-25047`