EPSS Percentile: 78.3%
superjson is vulnerable to prototype pollution. The vulnerability exists in the ‘getDeep’ function in the ‘accessDeep.ts’ file and allows an attacker to inject arbitrary code on the server.
github.com/blitz-js/blitz/commit/fa78180768aefd49200c346a3c226ad09b633af6
github.com/blitz-js/blitz/pull/3162
github.com/blitz-js/superjson/commit/0d68cd51a430999b848f6da7af528ee02560c883
github.com/blitz-js/superjson/security/advisories/GHSA-5888-ffcr-r425