
8 matches found

Veracode
added 2026/02/23 7:24 p.m. | 3 views

Prototype Pollution

@trpc/server is vulnerable to Prototype Pollution. The vulnerability is due to improper handling of FormData field names in the formDataToObject function, which allows an attacker to submit specially crafted fields that pollute Object.prototype and potentially cause authorization bypass or denial...

CVSS 8.5 | AI score 5.5 | EPSS 0.00191
Exploits: 0 | References: 2 | Affected Software: 1
Github Security Blog
added 2025/12/16 7:37 p.m. | 5 views

tRPC has possible prototype pollution in `experimental_nextAppDirCaller`

Note that this vulnerability is only present when using `experimental_caller` / `experimental_nextAppDirCaller`. Summary: A Prototype Pollution vulnerability exists in @trpc/server's formDataToObject function, which is used by the Next.js App Router adapter. An attacker can pollute Object.prototype by...

CVSS 8.5 | AI score 7 | EPSS 0.00191
Exploits: 0 | References: 4 | Affected Software: 1
NVD
added 2025/12/16 5:16 p.m. | 1 views

CVE-2025-68130

tRPC allows users to build and consume fully typesafe APIs without schemas or code generation. Starting in version 10.27.0 and prior to versions 10.45.3 and 11.8.0, a prototype pollution vulnerability exists in @trpc/server's formDataToObject function, which is used by the Next.js App Router...

CVSS 8.5 | EPSS 0.00191
Exploits: 0 | References: 1
Cvelist
added 2025/12/16 4:50 p.m. | 26 views

CVE-2025-68130 tRPC has possible prototype pollution in `experimental_nextAppDirCaller`

tRPC allows users to build and consume fully typesafe APIs without schemas or code generation. Starting in version 10.27.0 and prior to versions 10.45.3 and 11.8.0, a prototype pollution vulnerability exists in @trpc/server's formDataToObject function, which is used by the Next.js App Router...

CVSS 8.5 | EPSS 0.00191
Exploits: 0 | References: 1
EUVD
added 2025/12/16 4:50 p.m. | 1 views

EUVD-2025-203822

tRPC allows users to build and consume fully typesafe APIs without schemas or code generation. Starting in version 10.27.0 and prior to versions 10.45.3 and 11.8.0, a prototype pollution vulnerability exists in @trpc/server's formDataToObject function, which is used by the Next.js App Router...

CVSS 8.5 | AI score 6.5 | EPSS 0.00191
Exploits: 0 | References: 3
Vulnrichment
added 2025/12/16 4:50 p.m. | 2 views

CVE-2025-68130 tRPC has possible prototype pollution in `experimental_nextAppDirCaller`

tRPC allows users to build and consume fully typesafe APIs without schemas or code generation. Starting in version 10.27.0 and prior to versions 10.45.3 and 11.8.0, a prototype pollution vulnerability exists in @trpc/server's formDataToObject function, which is used by the Next.js App Router...

CVSS 8.5 | AI score 6.7 | EPSS 0.00191
Exploits: 0 | References: 1
CNNVD
added 2025/12/16 12:0 a.m. | 2 views

tRPC Security Vulnerability

tRPC is a TypeScript framework for building type-safe APIs from the tRPC community. A security vulnerability exists in tRPC versions prior to 10.45.3 and prior to 11.8.0, which stems from a prototype contamination in the formDataToObject function that could lead to authorization bypass or denial ...

CVSS 8.5 | AI score 6.3 | EPSS 0.00191
Exploits: 0 | References: 1
Positive Technologies
added 2025/12/16 12:0 a.m. | 2 views

PT-2025-51757

tRPC allows users to build and consume fully typesafe APIs without schemas or code generation. Starting in version 10.27.0 and prior to versions 10.45.3 and 11.8.0, a prototype pollution vulnerability exists in @trpc/server's formDataToObject function, which is used by the Next.js App Router...

CVSS 8.5 | AI score 7.1 | EPSS 0.00191
Exploits: 0 | References: 2