CVE-2025-3197

Versions of the package expand-object from 0.0.0 are vulnerable to Prototype Pollution in the expand function in index.js. This function expands the given string into an object and allows a nested property to be set without checking the provided keys for sensitive properties like proto...

3gtel-frontend-platform (=1.0.0), @achieve-all/v-element (=1.0.0) +294 more potentially affected by CVE-2025-3197 via expand-object (>=0.2.3 <=0.4.2)

expand-object NPM version =0.2.3, =0.1.1, =1.0.0, =1.0.0, =2.0.0, =2.0.7, =0.1.0, =1.0.0, =1.0.8, =0.1.2, =1.0.3, =6.0.0-rc1, =1.0.0, =1.0.8 and more Source cves: CVE-2025-3197 Source advisory: OSV:GHSA-4VJR-HFPP-2M7W...

CVE-2025-3197

CVE-2025-3197 concerns the expand-object library. Reports across multiple sources confirm a Prototype Pollution flaw in the expand() function (index.js) that turns a string into an object without filtering keys like proto . Affected: expand-object versions 0.0.0 and later. Potential impact descri...

CVE-2024-57069

A prototype pollution in the lib function of expand-object v0.4.2 allows attackers to cause a Denial of Service DoS via supplying a crafted payload...

3gtel-frontend-platform (=1.0.0), @achieve-all/v-element (=1.0.0) +294 more potentially affected by CVE-2025-3197 via expand-object (>=0.2.3 <=0.4.2)

expand-object NPM version =0.2.3, =0.1.1, =1.0.0, =1.0.0, =2.0.0, =2.0.7, =0.1.0, =1.0.0, =1.0.8, =0.1.2, =1.0.3, =6.0.0-rc1, =1.0.0, =1.0.8 and more Source cves: CVE-2025-3197 Source advisory: SNYK:JS-EXPANDOBJECT-5821390...