4 matches found
CVE-2026-54639
Style Dictionary, a build system for creating cross-platform styles, has a prototype pollution vulnerability starting in version 4.3.0 and prior to version 5.4.4. Impact users have: direct usage of convertTokenDatatokens, output: 'object' ;; indirect usage, via using Expand API; and/or indirect...
CVE-2026-54639 Style Dictionary - Prototype Pollution in convertTokenData utility function
Style Dictionary, a build system for creating cross-platform styles, has a prototype pollution vulnerability starting in version 4.3.0 and prior to version 5.4.4. Impact users have: direct usage of convertTokenDatatokens, output: 'object' ;; indirect usage, via using Expand API; and/or indirect...
EUVD-2026-38640
Style Dictionary, a build system for creating cross-platform styles, has a prototype pollution vulnerability starting in version 4.3.0 and prior to version 5.4.4. Impact users have: direct usage of convertTokenDatatokens, output: 'object' ;; indirect usage, via using Expand API; and/or indirect...
PT-2026-51612
Name of the Vulnerable Software and Affected Versions Style Dictionary versions 4.3.0 through 5.4.3 Description Style Dictionary contains a prototype pollution issue within the convertTokenData function. Prototype pollution occurs when an attacker manipulates the proto property of a JavaScript...