High severity7.5GHSA Advisory· Published Feb 5, 2025· Updated Apr 15, 2026
CVE-2024-57079
CVE-2024-57079
Description
A prototype pollution in the lib.deepMerge function of @zag-js/core v0.50.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
@zag-js/corenpm | < 0.82.2 | 0.82.2 |
Affected products
2Patches
Vulnerability mechanics
References
5News mentions
0No linked articles in our index yet.