Prototype Pollution Vulnerability in @tanstack/form-core
CVE-2024-57068
7.5HIGH
What is CVE-2024-57068?
A vulnerability in the lib.mutateMergeDeep function of @tanstack/form-core v0.35.0 enables attackers to perform prototype pollution. By supplying a specially crafted payload, attackers can manipulate the object's prototype chain, potentially leading to unexpected behaviors in the application. This could result in a Denial of Service (DoS), impacting the availability and performance of services relying on this library.
