What is GHSA-cmxg-94mg-jq94?

GHSA-cmxg-94mg-jq94 is a security advisory published by GitHub Security Advisories with High severity. @tmlmobilidade/utils has prototype pollution in its setValueAtPath

Which CVE IDs does GHSA-cmxg-94mg-jq94 cover?

GHSA-cmxg-94mg-jq94 covers the following CVE IDs: CVE-2026-45325. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-cmxg-94mg-jq94?

GHSA-cmxg-94mg-jq94 has a CVSS v3 base score of 8.2, published by GitHub Security Advisories.

Which products are affected by GHSA-cmxg-94mg-jq94?

GHSA-cmxg-94mg-jq94 affects 1 product, including: npm/@tmlmobilidade/utils:\u003c 20260509.0340.15.

GHSA-cmxg-94mg-jq94HighCVSS 8.2

@tmlmobilidade/utils has prototype pollution in its setValueAtPath

Vendor

GitHub Security Advisories

Published

May 18, 2026

Last Modified

May 18, 2026

🔗 CVE IDs covered (1)

CVE-2026-45325 →

📋 Description

### Impact Prototype pollution vulnerability in @tmlmobilidade/utils for setValueAtPath(). ### Patches A fix is available in versions 20260509.0340.15 and up.

🎯 Affected products1

npm/@tmlmobilidade/utils:< 20260509.0340.15

🔗 References (4)

https://github.com/tmlmobilidade/go/security/advisories/GHSA-cmxg-94mg-jq94
https://github.com/tmlmobilidade/go/commit/b10505baa7ba0701f830a05f3007c0a6bdd00eb7
https://github.com/tmlmobilidade/go/blob/prd/packages/utils/src/generic/value-at-path.ts
https://github.com/advisories/GHSA-cmxg-94mg-jq94