CVE-2025-57820 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Svelte devalue is a utility library. Prior to version 5.3.2, a string passed to devalue.parse could represent an object with a __proto__ property and devalue.pa…
High CVSS: 7.9

CVE-2025-57820

Svelte devalue is a utility library. Prior to version 5.3.2, a string passed to devalue.parse could represent an object with a __proto__ property and devalue.parse does not check that an index is numeric. This could result in assigning prototypes to objects and properties, leading to prototype pollution. This issue has been fixed in version 5.3.2
Vendor
-
Product
-
CWE
CWE-1321
Yayın Tarihi
2025-08-26 23:15:35
Güncelleme
2025-08-29 16:22:31
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-1321 HIGH 2025

Referanslar

https://github.com/sveltejs/devalue/commit/0623a47c9555b639c03ff1baea82951b2d9d1132 https://github.com/sveltejs/devalue/security/advisories/GHSA-vj54-72f3-p5jv