22 matches found
devalue prototype pollution vulnerability
devalue.parse allows proto to be set A string passed to devalue.parse could represent an object with a proto property, which would assign a prototype to an object while allowing properties to be overwritten: js class Vector constructorx, y this.x = x; this.y = y; get magnitude return this.x 2 +...
PT-2025-34819 · Unknown · Svelte Devalue
Name of the Vulnerable Software and Affected Versions: Svelte devalue versions prior to 5.3.2 Description: Svelte devalue is a utility library susceptible to prototype pollution. Passing a string to devalue.parse that represents an object with a proto property, without numeric index checking, can...