CVE-2026-45325

HIGH8.2

@tmlmobilidade/utils has prototype pollution in its setValueAtPath

Published: 5/18/2026Modified: 5/18/2026

Description

### Impact Prototype pollution vulnerability in @tmlmobilidade/utils for setValueAtPath(). ### Patches A fix is available in versions 20260509.0340.15 and up.

Affected packages (1)

npm/@tmlmobilidade/utilsfrom 0, < 20260509.0340.15

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH8.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

References (4)

PATCHhttps://github.com/tmlmobilidade/go
WEBhttps://github.com/tmlmobilidade/go/blob/prd/packages/utils/src/generic/value-at-path.ts
WEBhttps://github.com/tmlmobilidade/go/commit/b10505baa7ba0701f830a05f3007c0a6bdd00eb7
WEBhttps://github.com/tmlmobilidade/go/security/advisories/GHSA-cmxg-94mg-jq94