Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-3197

Versions of the package expand-object from 0.0.0 are vulnerable to Prototype Pollution in the expand() function in index.js. This function expands the given string into an object and allows a nested property to be set without checking the provided keys for sensitive properties like __proto__.

Published

2025-04-04T05:15:46.103

Last Modified

2025-04-07T14:18:15.560

Status

Awaiting Analysis

Source

[email protected]

Severity

CVSSv3.1: 7.3 (HIGH)

Weaknesses

Type: Secondary
CWE-1321
Type: Secondary
CWE-1321

Affected Vendors & Products

References

https://gist.github.com/miguelafmonteiro/d8f66af61d14e06338b688f90c4dfa7c ([email protected])
https://github.com/jonschlinkert/expand-object/blob/master/index.js%23L13 ([email protected])
https://security.snyk.io/vuln/SNYK-JS-EXPANDOBJECT-5821390 ([email protected])
https://security.snyk.io/vuln/SNYK-JS-EXPANDOBJECT-5821390 (134c704f-9b21-4f2e-91b3-4a467353bcc0)