6 matches found
CVE-2025-32014
estree-util-value-to-estree converts a JavaScript value to an ESTree expression. When generating an ESTree from a value with a property named proto, valueToEstree would generate an object that specifies a prototype instead. This vulnerability is fixed in 3.3.3...
CVE-2025-32014
estree-util-value-to-estree converts a JavaScript value to an ESTree expression. When generating an ESTree from a value with a property named proto, valueToEstree would generate an object that specifies a prototype instead. This vulnerability is fixed in 3.3.3...
CVE-2025-32014
CVE-2025-32014 affects estree-util-value-to-estree. When valueToEstree processes an object with a proto property, the generated ESTree could pollute prototypes; this is fixed in version 3.3.3. Remediation is to upgrade to 3.3.3+ or apply the provided workaround (avoid/strip proto properties). In ...
CVE-2025-32014 estree-util-value-to-estree allows prototype pollution in generated ESTree
estree-util-value-to-estree converts a JavaScript value to an ESTree expression. When generating an ESTree from a value with a property named proto, valueToEstree would generate an object that specifies a prototype instead. This vulnerability is fixed in 3.3.3...
CVE-2025-32014 estree-util-value-to-estree allows prototype pollution in generated ESTree
estree-util-value-to-estree converts a JavaScript value to an ESTree expression. When generating an ESTree from a value with a property named proto, valueToEstree would generate an object that specifies a prototype instead. This vulnerability is fixed in 3.3.3...
CVE-2025-32014 estree-util-value-to-estree allows prototype pollution in generated ESTree
estree-util-value-to-estree converts a JavaScript value to an ESTree expression. When generating an ESTree from a value with a property named proto, valueToEstree would generate an object that specifies a prototype instead. This vulnerability is fixed in 3.3.3...