Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2025/04/10 4:4 a.m.18 views

CVE-2025-32014

estree-util-value-to-estree converts a JavaScript value to an ESTree expression. When generating an ESTree from a value with a property named proto, valueToEstree would generate an object that specifies a prototype instead. This vulnerability is fixed in 3.3.3...

6.5CVSS6.6AI score0.00392EPSS
Exploits0References5
OSV
OSV
added 2025/04/07 7:9 p.m.5 views

GHSA-F7F6-9JQ7-3RQJ estree-util-value-to-estree allows prototype pollution in generated ESTree

Impact When generating an ESTree from a value with a property named proto, valueToEstree would generate an object that specifies a prototype instead. Example: js import generate from 'astring' import valueToEstree from 'estree-util-value-to-estree' const estree = valueToEstree 'proto': const code...

6.9CVSS6.6AI score0.00392EPSS
Exploits0References4
NVD
NVD
added 2025/04/07 3:15 p.m.35 views

CVE-2025-32014

estree-util-value-to-estree converts a JavaScript value to an ESTree expression. When generating an ESTree from a value with a property named proto, valueToEstree would generate an object that specifies a prototype instead. This vulnerability is fixed in 3.3.3...

6.9CVSS0.00392EPSS
Exploits0References2
CVE
CVE
added 2025/04/07 2:56 p.m.62 views

CVE-2025-32014

CVE-2025-32014 affects estree-util-value-to-estree. When valueToEstree processes an object with a proto property, the generated ESTree could pollute prototypes; this is fixed in version 3.3.3. Remediation is to upgrade to 3.3.3+ or apply the provided workaround (avoid/strip proto properties). In ...

6.9CVSS6.7AI score0.00392EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/04/07 2:56 p.m.32 views

CVE-2025-32014 estree-util-value-to-estree allows prototype pollution in generated ESTree

estree-util-value-to-estree converts a JavaScript value to an ESTree expression. When generating an ESTree from a value with a property named proto, valueToEstree would generate an object that specifies a prototype instead. This vulnerability is fixed in 3.3.3...

6.9CVSS0.00392EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/04/07 12:0 a.m.4 views

estree-util-value-to-estree 安全漏洞

estree-util-value-to-estree is a tool for converting JavaScript values to estree expressions by the individual developer Remco Haszing. A security vulnerability exists in estree-util-value-to-estree that stems from improper handling of the proto attribute, which could lead to prototype...

6.9CVSS6.4AI score0.00392EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/04/07 12:0 a.m.5 views

PT-2025-15241 · Unknown · Estree-Util-Value-To-Estree

Name of the Vulnerable Software and Affected Versions: estree-util-value-to-estree versions prior to 3.3.3 Description: The issue arises when estree-util-value-to-estree converts a JavaScript value to an ESTree expression. Specifically, when generating an ESTree from a value with a property named...

6.9CVSS6.4AI score0.00392EPSS
Exploits0References9
Rows per page
Query Builder