4 matches found
CVE-2025-55195
@std/toml is the Deno Standard Library. Prior to version 1.0.9, an attacker can pollute the prototype chain in the Node.js runtime and the browser when parsing untrusted TOML data, thus achieving a Prototype Pollution (PP) vulnerability. This is because the library is merging an untrusted object with an empt...
MAL-2025-16454 Malicious code in callback-apex-ursa-toml (npm)
The package callback-apex-ursa-toml was found to contain malicious code...
CVE-2025-55195
@std/toml is the Deno Standard Library. Prior to version 1.0.9, an attacker can pollute the prototype chain in the Node.js runtime and the browser when parsing untrusted TOML data, thus achieving a Prototype Pollution (PP) vulnerability. This is because the library is merging an untrusted object with an empt...
js-toml Prototype Pollution Vulnerability
A prototype pollution vulnerability in js-toml allows a remote attacker to add or modify properties of the global Object.prototype by parsing a maliciously crafted TOML input. Impact: The js-toml library is vulnerable to Prototype Pollution. When parsing a TOML string containing the specially...