VYPR

npm package

defu

pkg:npm/defu

Vulnerabilities (1)

  • CVE-2026-35209HigApr 6, 2026
    affected < 6.1.5fixed 6.1.5

    defu is software that allows uers to assign default properties recursively. Prior to version 6.1.5, applications that pass unsanitized user input (e.g. parsed JSON request bodies, database records, or config files from untrusted sources) as the first argument to `defu()` are vuln