QwikSec

Security Database

CVE

CWE

Training

CVE-2026-25047

Published: Jan 29, 2026

Modified: Feb 2, 2026

PUBLISHED

Description

deepHas provides a test for the existence of a nested object key and optionally returns that key. A prototype pollution vulnerability exists in version 1.0.7 of the deephas npm package that allows an attacker to modify global object behavior. This issue was fixed in version 1.0.8.

Vendor	Product	Versions
sharpred	deepHas	affected `< 1.0.7`

Weaknesses (CWE)

References

https://github.com/sharpred/deepHas/security/advisories/GHSA-2733-6c58-pf27

x_refsource_CONFIRM

https://github.com/sharpred/deepHas/commit/8097fafd3776c613d8066546653e0d2c7b5fc465

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.