CNNVD-202509-3787 Information

CNNVD ID

CNNVD-202509-3787

Related CVE

CVE-2025-57326

• CNNVD Published: 2025-09-24

Description (Chinese)

SassDoc Extras是SassDoc开源的一个SassDoc主题构建器。 SassDoc Extras 2.5.1及之前版本存在安全漏洞，该漏洞源于byGroupAndType函数存在原型污染，攻击者可通过特制有效载荷注入属性，可能导致拒绝服务。

Description (English)

SassDoc Extras is a sassDoc theme builder for SassDoc open source. There is a security loophole in SassDoc Extras 2.5.1 and earlier versions, which stems from the prototype contamination of the byGroupAndType function, which can be injected by the assailant through a special payload, which may lead to the denial of service.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Savy Soda

Published

2025-09-24

Last Modified

2026-02-24

References

https://github.com/VulnSageAgent/PoCs/blob/main/JavaScript/prototype-pollution/sassdoc-extras%402.5.1/index.js https://github.com/VulnSageAgent/PoCs/tree/main/JavaScript/prototype-pollution/CVE-2025-57326