2 matches found
CVE-2026-15187 enquirer Public Package API Enquirer.set prototype pollution
A security flaw has been discovered in enquirer up to 2.4.1. Affected is the function Enquirer.set of the component Public Package API. The manipulation of the argument question.name results in improperly controlled modification of object prototype attributes. The attack can be launched remotely...
CVE-2026-15187
The CVE-2026-15187 issue affects the enquirer package (versions up to 2.4.1) and specifically the Enquirer.set function. The root cause is a prototype pollution vulnerability caused by manipulating the argument name (question.name), allowing improper modification of object prototype attributes. I...