MEDIUM
voodoocreation
CVE published 2026-06-19
CVE-2026-12644
CVE-2026-12644 is a vulnerability in ts-deepmerge, a package used for deep merging objects in TypeScript. Versions before 8.0.0 are susceptible to an Uncaught Exception due to improper handling of built-in Object.prototype methods such as toString and valueOf. When user-controlled input contains these keys with non-function values, the resulting merged object becomes broken, causing any string context ope [truncated]