VYPR
Moderate severity · NVD Advisory · Published May 30, 2023 · Updated Jan 10, 2025

Prototype Pollution in antfu/utils

CVE-2023-2972

Description

Prototype pollution vulnerability in antfu/utils prior to 0.7.3 allows attackers to pollute Object.prototype via deepMerge.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.


Vulnerability

Description

A prototype pollution vulnerability exists in the antfu/utils JavaScript library in all versions prior to 0.7.3. The bug is in the deepMerge function, which copies every own key of a source object, including a key literally named __proto__, without any check. Because deepMerge recurses into nested objects, looking up target['__proto__'] yields Object.prototype and the nested values are written there, so the attacker's properties land on the global prototype [1][3].

Exploitation

To exploit this flaw, an attacker supplies deepMerge with an object that carries __proto__ as an own property, such as the result of JSON.parse('{"__proto__":{"polluted":"Polluted!"}}'). Parsed input is the relevant case: an object literal written with a __proto__ key sets that object's prototype instead of creating an own key, so Object.keys() never sees it. The merge then recursively copies the nested value onto Object.prototype, and every object in the runtime inherits the injected property. The library itself imposes no authentication or other precondition; any application code path that passes attacker-controlled, parsed data (a JSON body, a parsed query string, a configuration file) to deepMerge is sufficient [3][4].

Impact

Prototype pollution can lead to serious consequences, including denial of service, property injection and, where later code trusts an inherited property (a so-called gadget), arbitrary code execution or privilege escalation. The one-line payload in the fix's test case is enough to make every object in the process report the injected property [3].

Mitigation

The vulnerability was fixed in version 0.7.3, and users should upgrade to that version or later. The fix, introduced in commit 7f8b16c [3], skips the keys __proto__, constructor and prototype while iterating over a source object, at every level of the recursive merge. No workaround exists other than upgrading [1][4]. Because the package can reach a project as a transitive dependency, check the resolved versions with npm ls @antfu/utils (or the equivalent for your package manager) rather than only the direct dependency list.
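To make the description, the exploitation path and the fix above concrete, the following is an added example and not code from antfu/utils: a minimal deepMerge modelled on the loop visible in the fix diff, once in its pre-0.7.3 form and once with the 0.7.3 key guard, run against the payload from the patched test and against a nested variant. The helper names (mergeWith, deepMergeVulnerable, deepMergeFixed, pollutes, hasOwnProtoKey) and the nested payload are assumptions of this example, and the sample payloads are constructed here.

```javascript
// Added example, not code from antfu/utils: a minimal deepMerge modelled on
// the loop shown in the fix diff, in its vulnerable and its hardened form,
// plus the prototype-pollution payload from the patched test.

// Plain-object test; plays the role of the library's isMergableObject.
function isMergableObject(value) {
  return value !== null
    && typeof value === 'object'
    && Object.prototype.toString.call(value) === '[object Object]';
}

// Shared merge loop. `guard` decides whether a key is copied at all.
function mergeWith(guard, target, ...sources) {
  if (!sources.length) return target;
  const source = sources.shift();
  if (isMergableObject(target) && isMergableObject(source)) {
    for (const key of Object.keys(source)) {
      if (!guard(key)) continue;
      if (isMergableObject(source[key])) {
        // With key === '__proto__', target[key] is Object.prototype itself,
        // so the recursive call below writes into the global prototype.
        if (!target[key]) target[key] = {};
        mergeWith(guard, target[key], source[key]);
      } else {
        target[key] = source[key];
      }
    }
  }
  return mergeWith(guard, target, ...sources);
}

// Pre-0.7.3 behaviour: every own key of the source is merged.
const deepMergeVulnerable = (target, ...sources) =>
  mergeWith(() => true, target, ...sources);

// 0.7.3 behaviour: the three keys that can reach a prototype are skipped.
const UNSAFE_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
const deepMergeFixed = (target, ...sources) =>
  mergeWith((key) => !UNSAFE_KEYS.has(key), target, ...sources);

// An own "__proto__" key only exists on parsed input. An object literal with a
// __proto__ key sets the prototype instead, so Object.keys() never sees it.
function hasOwnProtoKey(obj) {
  return Object.prototype.hasOwnProperty.call(obj, '__proto__');
}

// Runs one payload through a merge function and reports whether an unrelated
// object gained the injected property, restoring Object.prototype afterwards
// so the demonstration does not poison the rest of the process.
function pollutes(merge, payload, prop) {
  const unrelated = {};
  try {
    merge({}, payload);
    return unrelated[prop] !== undefined;
  } finally {
    delete Object.prototype[prop];
  }
}

// Constructed payloads: the first is the one from the patched test, the second
// reaches the same key through recursion into a nested object.
const flatPayload = JSON.parse('{"__proto__":{"polluted":"Polluted!"}}');
const nestedPayload = JSON.parse('{"a":{"__proto__":{"polluted":"Polluted!"}}}');

function demo() {
  return {
    literalHasOwnProto: hasOwnProtoKey({ __proto__: { polluted: 1 } }),
    parsedHasOwnProto: hasOwnProtoKey(flatPayload),
    vulnFlat: pollutes(deepMergeVulnerable, flatPayload, 'polluted'),
    vulnNested: pollutes(deepMergeVulnerable, nestedPayload, 'polluted'),
    fixedFlat: pollutes(deepMergeFixed, flatPayload, 'polluted'),
    fixedNested: pollutes(deepMergeFixed, nestedPayload, 'polluted'),
  };
}

console.log(demo());
```

Run it with node; the vulnerable variant pollutes in both the flat and the nested case, the guarded variant in neither, and only the parsed payload carries __proto__ as an own key. The guard is applied inside the recursive loop rather than once at the top level, which is what makes the nested payload safe as well.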

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package            | Affected versions | Patched versions
@antfu/utils (npm) | < 0.7.3           | 0.7.3

Affected products (2)

Patches (1)
7f8b16c6181c

fix(deepMerge): prototype pollution

https://github.com/antfu/utils · Anthony Fu · May 30, 2023 · via ghsa
2 files changed · +15 −0
  • src/object.test.ts+12 0 modified
    @@ -51,4 +51,16 @@ describe('deepMerge', () => {
         const obj2 = { a: ['C'], b: ['D'] }
         expect(deepMerge({}, obj1, obj2)).toEqual({ a: ['C'], b: ['D'] })
       })
    +
    +  it('prototype pollution 1', () => {
    +    const obj = {} as any
    +    const obj2 = {} as any
    +    const payload = JSON.parse('{"__proto__":{"polluted":"Polluted!"}}')
    +
    +    expect(obj.polluted).toBeUndefined()
    +    expect(obj2.polluted).toBeUndefined()
    +    deepMerge(obj, payload)
    +    expect(obj.polluted).toBeUndefined()
    +    expect(obj2.polluted).toBeUndefined()
    +  })
     })
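Review bot: the new test only asserts on `obj.polluted` and `obj2.polluted`, never on `Object.prototype` directly, and if the assertion after `deepMerge(obj, payload)` fails the pollution stays on `Object.prototype` for every later test in the run. Add an `afterEach` that does `delete (Object.prototype as any).polluted`, and since the guard in src/object.ts also skips `constructor` and `prototype`, add cases for those keys and for a nested payload such as `{"a":{"__proto__":{"polluted":"Polluted!"}}}` so the recursive branch is exercised too.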
    
  • src/object.ts+3 0 modified
    @@ -82,6 +82,9 @@ export function deepMerge<T extends object = object, S extends object = T>(targe
     
       if (isMergableObject(target) && isMergableObject(source)) {
         objectKeys(source).forEach((key) => {
    +      if (key === '__proto__' || key === 'constructor' || key === 'prototype')
    +        return
    +
           // @ts-expect-error
           if (isMergableObject(source[key])) {
             // @ts-expect-error
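Review bot: the guard silently drops any own key named `constructor` or `prototype`, including legitimate data keys of those names, and the three lines carry no comment saying why, so a later cleanup could remove them. Add a comment naming prototype pollution and record the dropped keys in the function's JSDoc. If dropping data keys is a concern, `constructor` and `prototype` could be skipped only on the recursive branch where `isMergableObject(source[key])` holds, since assigning a plain value to `target.constructor` on a plain object cannot reach a prototype; `__proto__` must stay unconditionally skipped, because even `target['__proto__'] = null` changes the prototype through the setter.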
    

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References (4)

News mentions (0)

No linked articles in our index yet.