3 matches found
CVE-2025-3197
Versions of the package expand-object from 0.0.0 are vulnerable to Prototype Pollution in the expand function in index.js. This function expands the given string into an object and allows a nested property to be set without checking the provided keys for sensitive properties like proto...
CVE-2025-3197
CVE-2025-3197 concerns the expand-object library. Reports across multiple sources confirm a Prototype Pollution flaw in the expand() function (index.js) that turns a string into an object without filtering keys like proto . Affected: expand-object versions 0.0.0 and later. Potential impact descri...
CVE-2025-3197
Versions of the package expand-object from 0.0.0 are vulnerable to Prototype Pollution in the expand function in index.js. This function expands the given string into an object and allows a nested property to be set without checking the provided keys for sensitive properties like proto...