CNNVD-202508-288 Information

CNNVD ID

CNNVD-202508-288

Related CVE

CVE-2025-54803

• CNNVD Published: 2025-08-05

Description (Chinese)

js-toml是Sunny个人开发者的一个用于JavaScript的TOML解析器。 js-toml 1.0.2之前版本存在安全漏洞，该漏洞源于原型污染漏洞，可能导致全局Object.prototype属性被修改。

Description (English)

js-toml is a TOML solver for JavaScript by Sunny Personal Developer. js-toml 1.0.2 has a safety loophole, which originates from a prototype contamination loophole, which could lead to the modification of the global subject.prototype properties.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2025-08-05

Last Modified

2026-02-24

References

https://github.com/sunnyadn/js-toml/commit/b125910a3f094b744c9c3571360d4b9e3a472f66 https://github.com/sunnyadn/js-toml/security/advisories/GHSA-65fc-cr5f-v7r2 https://gist.github.com/siunam321/f3dc4d21a5a932c67b6c11d0026f5afc https://access.redhat.com/security/cve/cve-2025-54803

Patch

https://github.com/sunnyadn/js-toml/releases