2 matches found
Prototype Pollution
Overview dagre-d3-es is a a href="https://www.npmjs.com/dagre- Affected versions of this package are vulnerable to Prototype Pollution via the addConflict function in the bk module. An attacker can modify the JavaScript Object prototype chain by injecting malicious input values, which may result ...
CVE-2025-57347
A vulnerability exists in the 'dagre-d3-es' Node.js package version 7.0.9, specifically within the 'bk' module's addConflict function, which fails to properly sanitize user-supplied input during property assignment operations. This flaw allows attackers to exploit prototype pollution...