CVE-2025-55195 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

@std/toml is the Deno Standard Library. Prior to version 1.0.9, an attacker can pollute the prototype chain in Node.js runtime and Browser when parsing untruste…
High CVSS: 7.3

CVE-2025-55195

@std/toml is the Deno Standard Library. Prior to version 1.0.9, an attacker can pollute the prototype chain in Node.js runtime and Browser when parsing untrusted TOML data, thus achieving Prototype Pollution (PP) vulnerability. This is because the library is merging an untrusted object with an empty object, which by default the empty object has the prototype chain. This issue has been patched in version 1.0.9.
Vendor
-
Product
-
CWE
CWE-1321
Yayın Tarihi
2025-08-14 17:15:41
Güncelleme
2025-08-15 13:12:51
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-1321 HIGH 2025

Referanslar

https://github.com/denoland/std/commit/540662cfd6d71e969af292aa604ef4049dbe271b https://github.com/denoland/std/releases/tag/release-2025.08.13 https://github.com/denoland/std/security/advisories/GHSA-crjp-8r9q-2j9r https://github.com/denoland/std/security/advisories/GHSA-crjp-8r9q-2j9r