Количество 2
Количество 2
CVE-2025-3197
Versions of the package expand-object from 0.0.0 are vulnerable to Prototype Pollution in the expand() function in index.js. This function expands the given string into an object and allows a nested property to be set without checking the provided keys for sensitive properties like __proto__.
GHSA-4vjr-hfpp-2m7w
expand-object Vulnerable to Prototype Pollution via the expand() Function
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-3197 Versions of the package expand-object from 0.0.0 are vulnerable to Prototype Pollution in the expand() function in index.js. This function expands the given string into an object and allows a nested property to be set without checking the provided keys for sensitive properties like __proto__. | CVSS3: 7.3 | 0% Низкий | 10 месяцев назад |
| GHSA-4vjr-hfpp-2m7w expand-object Vulnerable to Prototype Pollution via the expand() Function | CVSS3: 7.3 | 0% Низкий | 10 месяцев назад |
Уязвимостей на страницу