Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/04/10 4:4 a.m.20 views

CVE-2025-32014

estree-util-value-to-estree converts a JavaScript value to an ESTree expression. When generating an ESTree from a value with a property named proto, valueToEstree would generate an object that specifies a prototype instead. This vulnerability is fixed in 3.3.3...

6.5CVSS6.6AI score0.00421EPSS
Exploits0References5
NVD
NVD
added 2025/04/07 3:15 p.m.35 views

CVE-2025-32014

estree-util-value-to-estree converts a JavaScript value to an ESTree expression. When generating an ESTree from a value with a property named proto, valueToEstree would generate an object that specifies a prototype instead. This vulnerability is fixed in 3.3.3...

6.9CVSS0.00421EPSS
Exploits0References2
CVE
CVE
added 2025/04/07 2:56 p.m.63 views

CVE-2025-32014

CVE-2025-32014 affects estree-util-value-to-estree. When valueToEstree processes an object with a proto property, the generated ESTree could pollute prototypes; this is fixed in version 3.3.3. Remediation is to upgrade to 3.3.3+ or apply the provided workaround (avoid/strip proto properties). In ...

6.9CVSS6.7AI score0.00421EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/04/07 2:56 p.m.16 views

CVE-2025-32014 estree-util-value-to-estree allows prototype pollution in generated ESTree

estree-util-value-to-estree converts a JavaScript value to an ESTree expression. When generating an ESTree from a value with a property named proto, valueToEstree would generate an object that specifies a prototype instead. This vulnerability is fixed in 3.3.3...

6.9CVSS6.5AI score0.00421EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/04/07 2:56 p.m.32 views

CVE-2025-32014 estree-util-value-to-estree allows prototype pollution in generated ESTree

estree-util-value-to-estree converts a JavaScript value to an ESTree expression. When generating an ESTree from a value with a property named proto, valueToEstree would generate an object that specifies a prototype instead. This vulnerability is fixed in 3.3.3...

6.9CVSS0.00421EPSS
Exploits0References2
OSV
OSV
added 2025/04/07 2:56 p.m.15 views

CVE-2025-32014 estree-util-value-to-estree allows prototype pollution in generated ESTree

estree-util-value-to-estree converts a JavaScript value to an ESTree expression. When generating an ESTree from a value with a property named proto, valueToEstree would generate an object that specifies a prototype instead. This vulnerability is fixed in 3.3.3...

6.9CVSS6.2AI score0.00421EPSS
Exploits0References4
Rows per page
Query Builder