Описание
estree-util-value-to-estree converts a JavaScript value to an ESTree expression. When generating an ESTree from a value with a property named proto, valueToEstree would generate an object that specifies a prototype instead. This vulnerability is fixed in 3.3.3.
EPSS
Процентиль: 71%
0.00668
Низкий
Дефекты
CWE-1321
Связанные уязвимости
github
10 месяцев назад
estree-util-value-to-estree allows prototype pollution in generated ESTree
EPSS
Процентиль: 71%
0.00668
Низкий
Дефекты
CWE-1321