3 matches found
CVE-2026-54639 Style Dictionary - Prototype Pollution in convertTokenData utility function
Style Dictionary, a build system for creating cross-platform styles, has a prototype pollution vulnerability starting in version 4.3.0 and prior to version 5.4.4. Impact users have: direct usage of convertTokenDatatokens, output: 'object' ;; indirect usage, via using Expand API; and/or indirect...
Prototype Pollution
Overview @mikro-orm/core is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Supports MongoDB, MySQL, PostgreSQL and SQLite databases as well as usage with vanilla JavaScript. Affected versions of this package are vulnerable to Prototype Pollution via the...
PT-2022-7147
Name of the Vulnerable Software and Affected Versions json5 versions 1.0.1 and earlier json5 versions 2.2.1 and earlier Description The parse method of the json5 library does not restrict parsing of keys named proto , allowing specially crafted strings to pollute the prototype of the resulting...