CVE-2025-3197

MEDIUM Year: 2025
CVSS v3 Score
7.3
High
Weakness Type
CWE-1321
View all →

Vulnerability Description

Versions of the package expand-object from 0.0.0 are vulnerable to Prototype Pollution in the expand() function in index.js. This function expands the given string into an object and allows a nested property to be set without checking the provided keys for sensitive properties like __proto__.

Related Vulnerabilities

CVE-2020-28458

HIGH
CVSS:7.3(High)

All versions of package datatables.net are vulnerable to Prototype Pollution due to an incomplete fix for https://snyk.io/vuln/SNYK-JS-DATATABLESNET-598806.

CWE-13212020

CVE-2020-7720

HIGH
CVSS:7.3(High)

The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking change removing the vulnerable functions.

CWE-13212020

CVE-2020-7743

HIGH
CVSS:7.3(High)

The package mathjs before 7.5.1 are vulnerable to Prototype Pollution via the deepExtend function that runs upon configuration updates.

CWE-13212020

CVE-2022-1295

HIGH
CVSS:7.3(High)

Prototype Pollution in GitHub repository alvarotrigo/fullpage.js prior to 4.0.2.

CWE-13212022

CVE-2022-25296

HIGH
CVSS:7.3(High)

The package bodymen from 0.0.0 are vulnerable to Prototype Pollution via the handler function which could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. ...

CWE-13212022

CVE-2024-38994

HIGH
CVSS:7.3(High)

amoyjs amoy common v1.0.10 was discovered to contain a prototype pollution via the function extend. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via...

CWE-13212024