HIGH🇬🇧 English

CVE-2025-57328

CVSS 7.5v3.1pub. 2025-09-24upd. 2025-10-20

toggle-array is a package designed to enables a property on the object at the specified index, while disabling the property on all other objects. A Prototype Pollution vulnerability in the enable and disable function of toggle-array v1.0.1 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Jonschlinkert Toggle Array

    APP
    Jonschlinkert
    ≤ 1.0.1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
DoS
CWE
Referencje

Powiązane podatności

CVE-2026-33671HIGH7.5ten sam vendor

Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Re...

CVE-2025-25975HIGH7.5ten sam vendor

An issue in parse-git-config v.3.0.0 allows an attacker to obtain sensitive information via the expandKeys fun...

CVE-2024-4068HIGH7.5ten sam vendor

The NPM package `braces`, versions prior to 3.0.3, fails to limit the number of characters it can handle, whic...

CVE-2026-33672MEDIUM5.3ten sam vendor

Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to a ...

CVE-2024-4067MEDIUM5.3ten sam vendor

The NPM package `micromatch` prior to 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The...

CVE-2025-57328 — HIGH 7.5 | CVEbaza.pl