7 matches found
CVE-2025-32014
estree-util-value-to-estree converts a JavaScript value to an ESTree expression. When generating an ESTree from a value with a property named proto, valueToEstree would generate an object that specifies a prototype instead. This vulnerability is fixed in 3.3.3...
GHSA-F7F6-9JQ7-3RQJ estree-util-value-to-estree allows prototype pollution in generated ESTree
Impact When generating an ESTree from a value with a property named proto, valueToEstree would generate an object that specifies a prototype instead. Example: js import generate from 'astring' import valueToEstree from 'estree-util-value-to-estree' const estree = valueToEstree 'proto': const code...
CVE-2025-32014
estree-util-value-to-estree converts a JavaScript value to an ESTree expression. When generating an ESTree from a value with a property named proto, valueToEstree would generate an object that specifies a prototype instead. This vulnerability is fixed in 3.3.3...
CVE-2025-32014
CVE-2025-32014 affects estree-util-value-to-estree. When valueToEstree processes an object with a proto property, the generated ESTree could pollute prototypes; this is fixed in version 3.3.3. Remediation is to upgrade to 3.3.3+ or apply the provided workaround (avoid/strip proto properties). In ...
CVE-2025-32014 estree-util-value-to-estree allows prototype pollution in generated ESTree
estree-util-value-to-estree converts a JavaScript value to an ESTree expression. When generating an ESTree from a value with a property named proto, valueToEstree would generate an object that specifies a prototype instead. This vulnerability is fixed in 3.3.3...
estree-util-value-to-estree 安全漏洞
estree-util-value-to-estree is a tool for converting JavaScript values to estree expressions by the individual developer Remco Haszing. A security vulnerability exists in estree-util-value-to-estree that stems from improper handling of the proto attribute, which could lead to prototype...
PT-2025-15241 · Unknown · Estree-Util-Value-To-Estree
Name of the Vulnerable Software and Affected Versions: estree-util-value-to-estree versions prior to 3.3.3 Description: The issue arises when estree-util-value-to-estree converts a JavaScript value to an ESTree expression. Specifically, when generating an ESTree from a value with a property named...