216.73.217.98

CVE-2025-3197

· Published 04/04/2025 05:15 · Modified 04/04/2025 15:15

Labels: CVE-2025-3197 2025-04-04CVE-2025-3197CWE-1321[email protected]

Essential information

Published
04/04/2025 05:15
Modified
04/04/2025 15:15
Author
Creator
CVSS
6.9 MEDIUM (v3) 6.9 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Versions of the package expand-object from 0.0.0 are vulnerable to Prototype Pollution in the expand() function in index.js. This function expands the given string into an object and allows a nested property to be set without checking the provided keys for sensitive properties like __proto__.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
expand-object / expand-object cpe:2.3:a:expand-object:expand-object:0.0.0:*:*:*:*:*:*:*

References