15 matches found
Prototype Pollution
sassdoc-extras is vulnerable to Prototype Pollution. The vulnerability is due to improper validation of user-supplied input in the byGroupAndType function, which allows an attacker to inject arbitrary properties into Object.prototype, potentially leading to denial of service or unexpected...
EUVD-2025-31057
Malicious code in bioql PyPI...
CVE-2025-57326
A Prototype Pollution vulnerability in the byGroupAndType function of sassdoc-extras v2.5.1 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service DoS as the minimum consequence...
@advclb/sassdoc-loader (=0.1.0), @alifd/sassdoc-parser (>=0.1.0 <=2.0.1) +148 more potentially affected by CVE-2025-57326 via sassdoc-extras (>=1.0.3 <=3.0.0)
sassdoc-extras NPM version =1.0.3, =0.1.0, =0.0.3, =0.0.3, =0.0.8, =3.0.0, =3.2.0, =2.3.0, =0.0.1, =0.1.2, =10.1.0, =10.18.0, =0.1.18, =99.0.372 and more Source cves: CVE-2025-57326 Source advisory: SNYK:JS-SASSDOCEXTRAS-13110008...
Prototype Pollution
Overview sassdoc-extras is a SassDoc's Toolbelt Affected versions of this package are vulnerable to Prototype Pollution via the byGroupAndType function. An attacker can inject arbitrary properties into Object.prototype by supplying a crafted payload, potentially causing application instability or...
GHSA-3MPM-JX38-9M8W sassdoc-extras vulnerable to prototype pollution
A Prototype Pollution vulnerability in the byGroupAndType function of sassdoc-extras v2.5.1 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service DoS as the minimum consequence...
sassdoc-extras vulnerable to prototype pollution
A Prototype Pollution vulnerability in the byGroupAndType function of sassdoc-extras v2.5.1 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service DoS as the minimum consequence...
@advclb/sassdoc-loader (=0.1.0), @alifd/sassdoc-parser (>=0.1.0 <=2.0.1) +148 more potentially affected by CVE-2025-57326 via sassdoc-extras (>=1.0.3 <=3.0.0)
sassdoc-extras NPM version =1.0.3, =0.1.0, =0.0.3, =0.0.3, =0.0.8, =3.0.0, =3.2.0, =2.3.0, =0.0.1, =0.1.2, =10.1.0, =10.18.0, =0.1.18, =99.0.372 and more Source cves: CVE-2025-57326 Source advisory: OSV:GHSA-3MPM-JX38-9M8W...
CVE-2025-57326
A Prototype Pollution vulnerability in the byGroupAndType function of sassdoc-extras v2.5.1 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service DoS as the minimum consequence...
CVE-2025-57326
A Prototype Pollution vulnerability in the byGroupAndType function of sassdoc-extras v2.5.1 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service DoS as the minimum consequence...
PT-2025-39335
Name of the Vulnerable Software and Affected Versions sassdoc-extras versions 2.5.1 and before Description A Prototype Pollution issue exists in the byGroupAndType function. This allows attackers to inject properties onto Object.prototype by providing a specially crafted input. This can lead to a...
CVE-2025-57326
CVE-2025-57326 concerns a prototype pollution in the SassDoc extras package. Affected versions: sassdoc-extras v2.5.1 and earlier. The vulnerability is caused by the byGroupAndType function, which improperly handles user-supplied input and can inject properties into Object.prototype. Impact state...
SassDoc Extras 安全漏洞
SassDoc Extras is a SassDoc theme builder from SassDoc Open Source. A security vulnerability exists in SassDoc Extras 2.5.1 and earlier versions, which stems from a prototype contamination in the byGroupAndType function, which allows an attacker to inject attributes via a specially crafted payloa...
CVE-2025-57326
A Prototype Pollution vulnerability in the byGroupAndType function of sassdoc-extras v2.5.1 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service DoS as the minimum consequence...
CVE-2025-57326
A Prototype Pollution vulnerability in the byGroupAndType function of sassdoc-extras v2.5.1 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service DoS as the minimum consequence...