12 matches found
Prototype Pollution
csvjson is vulnerable to Prototype Pollution. The vulnerability is due to improper validation of user-supplied input in the toCsv function, which allows an attacker to supply a crafted payload to inject properties on Object.prototype, potentially leading to denial of service DoS or unexpected...
EUVD-2025-31049
Malicious code in bioql PyPI...
CVE-2025-57318
A Prototype Pollution vulnerability in the toCsv function of csvjson versions thru 5.1.0 allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service DoS as the minimum consequence...
@amoscmc/dummy-package (>=1.3.1 <=1.3.3), @bitrefill/airfill-widget (>=4.2.2 <=4.8.3) +87 more potentially affected by CVE-2025-57318 via csvjson (>=1.0.5 <=5.1.0)
csvjson NPM version =1.0.5, =1.3.1, =4.2.2, =1.0.0, =1.0.6, =1.0.93, =0.0.4, =0.1.0, =0.5.1, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =1.1.1 and more Source cves: CVE-2025-57318 Source advisory: OSV:GHSA-XQ4F-3JXP-QV6M...
csvjson vulnerable to prototype injection
A Prototype Pollution vulnerability in the toCsv function of csvjson versions thru 5.1.0 allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service DoS as the minimum consequence...
@amoscmc/dummy-package (>=1.3.1 <=1.3.3), @bitrefill/airfill-widget (>=4.2.2 <=4.8.3) +87 more potentially affected by CVE-2025-57318 via csvjson (>=1.0.5 <=5.1.0)
csvjson NPM version =1.0.5, =1.3.1, =4.2.2, =1.0.0, =1.0.6, =1.0.93, =0.0.4, =0.1.0, =0.5.1, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =1.1.1 and more Source cves: CVE-2025-57318 Source advisory: SNYK:JS-CSVJSON-13110014...
GHSA-XQ4F-3JXP-QV6M csvjson vulnerable to prototype injection
A Prototype Pollution vulnerability in the toCsv function of csvjson versions thru 5.1.0 allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service DoS as the minimum consequence...
CVE-2025-57318
A Prototype Pollution vulnerability in the toCsv function of csvjson versions thru 5.1.0 allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service DoS as the minimum consequence...
CVE-2025-57318
A Prototype Pollution vulnerability in the toCsv function of csvjson versions thru 5.1.0 allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service DoS as the minimum consequence...
PT-2025-39353
Name of the Vulnerable Software and Affected Versions csvjson versions through 5.1.0 Description A Prototype Pollution issue exists in the toCsv function. This allows attackers to inject properties onto Object.prototype by providing a specially crafted payload. A potential consequence of this is ...
CVE-2025-57318
CVE-2025-57318 affects the csvjson package (toCsv function) up to version 5.1.0. A crafted payload can pollute Object.prototype via unsafe merging/definition paths, enabling a denial of service (DoS) as the minimum impact. Remediation per multiple sources: upgrade to a version later than 5.1.0 or...
CVE-2025-57318
A Prototype Pollution vulnerability in the toCsv function of csvjson versions thru 5.1.0 allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service DoS as the minimum consequence...