CVE-2025-57330

The CVE-2025-57330 entry describes a Prototype Pollution in web3-core-subscriptions (attachToObject) affecting version 1.10.4 and earlier. The vulnerability allows an attacker to inject properties into Object.prototype via a crafted payload, with the documented minimum impact being Denial of Serv...

Web3.js 安全漏洞

Web3.js is a TypeScript implementation of the Ethernet JSON RPC API open-sourced by Web3 and related tools maintained by ChainSafe Systems. A security vulnerability exists in Web3.js versions 1.10.4 and earlier, which stems from prototype contamination in the attachToObject function and could lea...

CVE-2025-57329

CVE-2025-57329 affects the JavaScript package web3-core-method (attachToObject) up to version 1.10.4. A prototype pollution flaw allows an attacker-supplied payload to inject properties into Object.prototype, potentially causing a denial of service (DoS) as the minimum consequence. Public referen...

Web3.js 安全漏洞

Web3.js is a TypeScript implementation of the Ethernet JSON RPC API open-sourced by Web3 and related tools maintained by ChainSafe Systems. A security vulnerability exists in Web3.js versions 1.10.4 and earlier, which stems from prototype contamination in the attachToObject function and could lea...