6 matches found
CVE-2025-54803
js-toml is a TOML parser for JavaScript, fully compliant with the TOML 1.0.0 Spec. In versions below 1.0.2, a prototype pollution vulnerability in js-toml allows a remote attacker to add or modify properties of the global Object.prototype by parsing a maliciously crafted TOML input. This is fixed...
barrelly (>=1.0.0 <=1.2.0) potentially affected by CVE-2025-54803 via js-toml (=1.0.0)
js-toml NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on js-toml and may be impacted: barrelly =1.0.0, =1.2.0. Source CVEs: CVE-2025-54803. Source advisory: SNYK:JS-JSTOML-11483956...
CVE-2025-54803
js-toml is a TOML parser for JavaScript, fully compliant with the TOML 1.0.0 Spec. In versions below 1.0.2, a prototype pollution vulnerability in js-toml allows a remote attacker to add or modify properties of the global Object.prototype by parsing a maliciously crafted TOML input. This is fixed...
CVE-2025-54803 js-toml is vulnerable to Prototype Pollution
js-toml is a TOML parser for JavaScript, fully compliant with the TOML 1.0.0 Spec. In versions below 1.0.2, a prototype pollution vulnerability in js-toml allows a remote attacker to add or modify properties of the global Object.prototype by parsing a maliciously crafted TOML input. This is fixed...
CVE-2025-54803
CVE-2025-54803 affects the JavaScript TOML parser js-toml. Vulnerable versions are those below 1.0.2, where parsing a specially crafted TOML input can enable a prototype pollution attack that allows an attacker to add or modify properties on the global Object.prototype. The impact can range fr...
GHSA-65FC-CR5F-V7R2 js-toml Prototype Pollution Vulnerability
A prototype pollution vulnerability in js-toml allows a remote attacker to add or modify properties of the global Object.prototype by parsing a maliciously crafted TOML input. Impact: The js-toml library is vulnerable to Prototype Pollution. When parsing a TOML string containing the specially...