Published: 04 Apr 2025
Source: github
Github: Reviewed
CVSS4: 5.5
CVSS3: 7.3
Description
expand-object Vulnerable to Prototype Pollution via the expand() Function
Versions of the package expand-object from 0.0.0 to 0.4.2 are vulnerable to Prototype Pollution in the expand() function in index.js. This function expands the given string into an object and allows a nested property to be set without checking the provided keys for sensitive properties like __proto__.
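The missing key check described above, shown as an added example that is not expand-object's own code: a simplified dotted-path expander in an unchecked form and a hardened form. The input syntax ("a.b.c:value") and all function names are assumptions made for illustration.

```javascript
// Added example: a simplified dotted-path expander, not expand-object's code.
// Assumed (hypothetical) syntax: "a.b.c:value" yields { a: { b: { c: "value" } } }.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function splitInput(str) {
  const sep = str.indexOf(':');
  return sep === -1
    ? { keys: str.split('.'), value: '' }
    : { keys: str.slice(0, sep).split('.'), value: str.slice(sep + 1) };
}

// Unchecked variant: plain property access follows "__proto__" up to
// Object.prototype, so the final write lands on the shared prototype.
function expandUnchecked(str) {
  const { keys, value } = splitInput(str);
  const root = {};
  let node = root;
  keys.forEach((key, i) => {
    if (i === keys.length - 1) {
      node[key] = value;
    } else {
      if (typeof node[key] !== 'object' || node[key] === null) node[key] = {};
      node = node[key];
    }
  });
  return root;
}

// Hardened variant: rejects sensitive keys, only descends into own
// properties, and builds prototype-less containers.
function expandChecked(str) {
  const { keys, value } = splitInput(str);
  const root = Object.create(null);
  let node = root;
  keys.forEach((key, i) => {
    if (FORBIDDEN_KEYS.has(key)) throw new TypeError(`unsafe key rejected: ${key}`);
    if (i === keys.length - 1) {
      node[key] = value;
    } else {
      const own = Object.prototype.hasOwnProperty.call(node, key);
      if (!own || typeof node[key] !== 'object' || node[key] === null) {
        node[key] = Object.create(null);
      }
      node = node[key];
    }
  });
  return root;
}
```

Since the advisory lists no fixed version, a check of this kind has to sit in the calling code, applied to any string before it reaches an expander.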
Packages
Name: expand-object (npm)
Affected versions: <= 0.4.2
Fixed version: None
Related vulnerabilities
CVSS3: 7.3
nvd
10 months ago
Versions of the package expand-object from 0.0.0 are vulnerable to Prototype Pollution in the expand() function in index.js. This function expands the given string into an object and allows a nested property to be set without checking the provided keys for sensitive properties like __proto__.