5 matches found
EUVD-2025-31065
Malicious code in bioql PyPI...
CVE-2025-57349
The messageformat package, an implementation of the Unicode MessageFormat 2 specification for JavaScript, is vulnerable to prototype pollution due to improper handling of message key paths in versions prior to 2.3.0. The flaw arises when processing nested message keys containing special character...
CVE-2025-57353
The Runtime components of messageformat package for Node.js before 3.0.2 contain a prototype pollution vulnerability. Due to insufficient validation of nested message keys during the processing of message data, an attacker can manipulate the prototype chain of JavaScript objects by providing...
CVE-2025-57349
The messageformat package, an implementation of the Unicode MessageFormat 2 specification for JavaScript, is vulnerable to prototype pollution due to improper handling of message key paths in versions prior to 2.3.0. The flaw arises when processing nested message keys containing special character...
CVE-2025-57349
CVE-2025-57349 affects the messageformat package (JavaScript) prior to version 2.3.0. The root cause is improper handling of nested message keys containing special characters (e.g., __proto__), enabling prototype pollution that can modify Object.prototype and cause denial of service or undefined beh...