deepHas vulnerable to Prototype Pollution via constructor.prototype_CVE-2026-25047

9.4 / 10

CRITICAL

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Description

deepHas provides a test for the existence of a nested object key and optionally returns that key. A prototype pollution vulnerability exists in version 1.0.7 of the deephas npm package that allows an attacker to modify global object behavior. This issue was fixed in version 1.0.8.

Basic Information

ID CVE-2026-25047

Source GitHub_M

Published Jan 29, 2026 at 21:39

Affected Product

Vendor sharpred

Product deepHas

Version < 1.0.7

Affected Versions sharpred deepHas < 1.0.7

CWE Classification

CWE-1321

References

{
    "lastseen": "",
    "description": "deepHas provides a test for the existence of a nested object key and optionally returns that key. A prototype pollution vulnerability exists in version 1.0.7 of the deephas npm package that allows an attacker to modify global object behavior. This issue was fixed in version 1.0.8.",
    "published": "2026-01-29T21:39:48.498Z",
    "modified": "2026-01-29T21:39:48.498Z",
    "type": "cve",
    "title": "deepHas vulnerable to Prototype Pollution via constructor.prototype",
    "source": "GitHub_M",
    "references": "https://github.com/sharpred/deepHas/security/advisories/GHSA-2733-6c58-pf27\nhttps://github.com/sharpred/deepHas/commit/8097fafd3776c613d8066546653e0d2c7b5fc465",
    "id": "CVE-2026-25047",
    "bulletinFamily": "",
    "cwe": [
        "CWE-1321"
    ],
    "cvelist": null,
    "sourceData": "sharpred deepHas < 1.0.7",
    "sourceHref": "",
    "cvss": {
        "score": 9.4,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "deepHas",
    "version": "< 1.0.7",
    "vendor": "sharpred",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}