Description

deepHas provides a test for the existence of a nested object key and optionally returns that key. A prototype pollution vulnerability exists in version 1.0.7 of the deephas npm package that allows an attacker to modify global object behavior. This issue was fixed in version 1.0.8.

PUBLISHED Reserved 2026-01-28 | Published 2026-01-29 | Updated 2026-02-02 | Assigner GitHub_M




CRITICAL: 9.4 | CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Problem types

CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Product status

< 1.0.7: affected

References

github.com/...eepHas/security/advisories/GHSA-2733-6c58-pf27

github.com/...ommit/8097fafd3776c613d8066546653e0d2c7b5fc465

cve.org (CVE-2026-25047)

nvd.nist.gov (CVE-2026-25047)
