Description
Gestor de Oferta is a web application for managing mobility service offerings. Prior to 20260509.0340.15, @tmlmobilidade/utils has a prototype pollution vulnerability in setValueAtPath() in packages/utils/src/generic/value-at-path.ts because unsafe path segments are not blocked. This issue is fixed in version 20260509.0340.15.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
Github GHSA |
GHSA-cmxg-94mg-jq94 | @tmlmobilidade/utils has prototype pollution in its setValueAtPath |
References
History
Thu, 16 Jul 2026 17:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Gestor de Oferta is a web application for managing mobility service offerings. Prior to 20260509.0340.15, @tmlmobilidade/utils has a prototype pollution vulnerability in setValueAtPath() in packages/utils/src/generic/value-at-path.ts because unsafe path segments are not blocked. This issue is fixed in version 20260509.0340.15. | |
| Title | Gestor de Oferta: Prototype pollution in @tmlmobilidade/utils setValueAtPath | |
| Weaknesses | CWE-1321 | |
| References |
| |
| Metrics |
cvssV3_1
|
Subscriptions
No data.
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-07-16T16:41:30.157Z
Reserved: 2026-05-11T20:50:30.539Z
Link: CVE-2026-45325
No data.
No data.
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Github GHSA