PatchSiren

voodoocreation CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM voodoocreation CVE published 2026-06-19

CVE-2026-12644

CVE-2026-12644 is a vulnerability in ts-deepmerge, a package used for deep merging objects in TypeScript. Versions before 8.0.0 are susceptible to an Uncaught Exception due to improper handling of built-in Object.prototype methods such as toString and valueOf. When user-controlled input contains these keys with non-function values, the resulting merged object becomes broken, causing any string context ope [truncated]