CVE-2025-57328

High CVSS: 7.5

toggle-array is a package designed to enables a property on the object at the specified index, while disabling the property on all other objects. A Prototype Pollution vulnerability in the enable and disable function of toggle-array v1.0.1 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence.

Vendor

Jonschlinkert

Product

Toggle-array

CWE

CWE-1321

Yayın Tarihi

2025-09-24 20:15:32

Güncelleme

2025-10-20 16:50:08

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-1321 Toggle-array HIGH Jonschlinkert 2025

Referanslar

https://github.com/VulnSageAgent/PoCs/blob/main/JavaScript/prototype-pollution/toggle-array%401.0.1/index.js https://github.com/VulnSageAgent/PoCs/tree/main/JavaScript/prototype-pollution/CVE-2025-57328

Benzer Kayıtlar

High

CVE-2026-33671

Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Regular Expr…

Medium

CVE-2026-33672

Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to a method inj…

High

CVE-2025-25975

An issue in parse-git-config v.3.0.0 allows an attacker to obtain sensitive information via the expandKeys function