216.73.217.86

CVE-2025-57351

· Published 24/09/2025 19:15 · Modified 25/09/2025 19:15

Labels: CVE-2025-57351 2025-09-24CVE-2025-57351CWE-1321[email protected]

Essential information

Published
24/09/2025 19:15
Modified
25/09/2025 19:15
Author
Creator
CVSS
6.5 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

CVSS metrics

Description

A prototype pollution vulnerability exists in the ts-fns package versions prior to 13.0.7, where insufficient validation of user-provided keys in the assign function allows attackers to manipulate the Object.prototype chain. By leveraging this flaw, adversaries may inject arbitrary properties into the global object's prototype, potentially leading to application crashes, unexpected code execution behaviors, or bypasses of security-critical validation logic dependent on prototype integrity. The vulnerability stems from improper handling of deep property assignment operations within the library's public API functions. This issue remains unaddressed in the latest available version.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
ts-fns / ts-fns cpe:2.3:a:ts-fns:ts-fns:<13.0.7:*:*:*:*:*:*:*

References