13 matches found
Prototype Pollution
js-toml is vulnerable to Prototype Pollution. The vulnerability is due to improper handling of user-supplied TOML input during parsing, which allows an attacker to craft malicious TOML data that modifies properties of the global Object.prototype, potentially leading to arbitrary code execution or...
CVE-2025-54803
js-toml is a TOML parser for JavaScript, fully compliant with the TOML 1.0.0 Spec. In versions below 1.0.2, a prototype pollution vulnerability in js-toml allows a remote attacker to add or modify properties of the global Object.prototype by parsing a maliciously crafted TOML input. This is fixed...
barrelly (>=1.0.0 <=1.2.0) potentially affected by CVE-2025-54803 via js-toml (=1.0.0)
js-toml NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on js-toml and may be impacted: - barrelly =1.0.0, =1.2.0 Source cves: CVE-2025-54803 Source advisory: SNYK:JS-JSTOML-11483956...
CVE-2025-54803
js-toml is a TOML parser for JavaScript, fully compliant with the TOML 1.0.0 Spec. In versions below 1.0.2, a prototype pollution vulnerability in js-toml allows a remote attacker to add or modify properties of the global Object.prototype by parsing a maliciously crafted TOML input. This is fixed...
CVE-2025-54803 js-toml is vulnerable to Prototype Pollution
js-toml is a TOML parser for JavaScript, fully compliant with the TOML 1.0.0 Spec. In versions below 1.0.2, a prototype pollution vulnerability in js-toml allows a remote attacker to add or modify properties of the global Object.prototype by parsing a maliciously crafted TOML input. This is fixed...
CVE-2025-54803 js-toml is vulnerable to Prototype Pollution
js-toml is a TOML parser for JavaScript, fully compliant with the TOML 1.0.0 Spec. In versions below 1.0.2, a prototype pollution vulnerability in js-toml allows a remote attacker to add or modify properties of the global Object.prototype by parsing a maliciously crafted TOML input. This is fixed...
CVE-2025-54803 js-toml is vulnerable to Prototype Pollution
js-toml is a TOML parser for JavaScript, fully compliant with the TOML 1.0.0 Spec. In versions below 1.0.2, a prototype pollution vulnerability in js-toml allows a remote attacker to add or modify properties of the global Object.prototype by parsing a maliciously crafted TOML input. This is fixed...
CVE-2025-54803
CVE-2025-54803 affects the JavaScript TOML parser js-toml. Vulnerable versions are those below 1.0.2, where parsing a specially crafted TOML input can enable a prototype pollution attack that allows an attacker to add or modify properties on the global Object.prototype. The impact can range fr...
js-toml Security Vulnerability
js-toml is a TOML parser for JavaScript by Sunny Personal Developer. A security vulnerability exists in versions of js-toml prior to 1.0.2, which stems from a prototype pollution vulnerability that could lead to modification of the global Object.prototype property...
js-toml Prototype Pollution Vulnerability
A prototype pollution vulnerability in js-toml allows a remote attacker to add or modify properties of the global Object.prototype by parsing a maliciously crafted TOML input. Impact The js-toml library is vulnerable to Prototype Pollution. When parsing a TOML string containing the specially...
@astar-network/swanky-cli (>=2.2.0-alpha.0 <=2.2.3), @neon.id/uji-grader (>=1.0.0 <=1.2.0) +1 more potentially affected by CVE-2025-54803 via js-toml (>=0.1.1 <=1.0.0)
js-toml NPM version =0.1.1, =2.2.0-alpha.0, =1.0.0, =1.0.0, =1.2.0 Source cves: CVE-2025-54803 Source advisory: OSV:GHSA-65FC-CR5F-V7R2...
GHSA-65FC-CR5F-V7R2 js-toml Prototype Pollution Vulnerability
A prototype pollution vulnerability in js-toml allows a remote attacker to add or modify properties of the global Object.prototype by parsing a maliciously crafted TOML input. Impact The js-toml library is vulnerable to Prototype Pollution. When parsing a TOML string containing the specially...
PT-2025-31886 · Js-Toml · Js-Toml
Name of the Vulnerable Software and Affected Versions: js-toml versions prior to 1.0.2 Description: A prototype pollution vulnerability in js-toml allows a remote attacker to add or modify properties of the global Object.prototype by parsing a maliciously crafted TOML input. This can lead to seve...