Description
A security vulnerability has been detected in tamagui up to 2.3.0. This affects the function updateConfig of the file code/core/web/src/config.ts. Such manipulation leads to improperly controlled modification of object prototype attributes. The attack may be performed from remote. Upgrading to version 2.3.1 is able to mitigate this issue. The name of the patch is e46af9879b7627934ea4d6d6e46e65cea53abb3d. The affected component should be upgraded.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
History
Tue, 14 Jul 2026 17:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A security vulnerability has been detected in tamagui up to 2.3.0. This affects the function updateConfig of the file code/core/web/src/config.ts. Such manipulation leads to improperly controlled modification of object prototype attributes. The attack may be performed from remote. Upgrading to version 2.3.1 is able to mitigate this issue. The name of the patch is e46af9879b7627934ea4d6d6e46e65cea53abb3d. The affected component should be upgraded. | |
| Title | tamagui config.ts updateConfig prototype pollution | |
| First Time appeared |
Tamagui
Tamagui tamagui |
|
| Weaknesses | CWE-1321 CWE-94 |
|
| CPEs | cpe:2.3:a:tamagui:tamagui:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Tamagui
Tamagui tamagui |
|
| References |
|
|
| Metrics |
cvssV2_0
|
Status: PUBLISHED
Assigner: VulDB
Published:
Updated: 2026-07-14T16:45:09.501Z
Reserved: 2026-07-14T05:29:15.935Z
Link: CVE-2026-15702
No data.
No data.
No data.
OpenCVE Enrichment
No data.