2 matches found
CVE-2026-49293
js-toml is a TOML parser for JavaScript, fully compliant with the TOML 1.0.0 Spec. Versions up to and including 1.1.0 parse hexadecimal / octal / binary integer literals via a hand-written parseBigInt loop that multiplies a BigInt accumulator by the radix once per input digit. Each iteration...
Prototype Pollution
Overview js-toml is an A TOML parser for JavaScript/TypeScript, targeting TOML 1.0.0 Spec Affected versions of this package are vulnerable to Prototype Pollution via the parsing process. An attacker can inject or modify properties on the global Object.prototype by supplying specially crafted TOML...