CNNVD-202509-3789 Information

CNNVD ID

CNNVD-202509-3789

Related CVE

CVE-2025-57321

• CNNVD Published: 2025-09-24

Description (Chinese)

magix-combine是thx开源的一款js库。 magix-combine 1.2.10及之前版本存在安全漏洞，该漏洞源于util-deps.addFileDepend函数存在原型污染，可能导致拒绝服务攻击。

Description (English)

Magix-compine is a js library of the thx open source. There is a security loophole in the magix-compine 1.2.10 and earlier versions, which stems from the prototype contamination of the util-deps.addFileDepend function, which may lead to a denial of service attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

泰腾恩

Published

2025-09-24

Last Modified

2026-02-24

References

https://github.com/VulnSageAgent/PoCs/blob/main/JavaScript/prototype-pollution/magix-combine-ex%401.2.10/index.js https://github.com/VulnSageAgent/PoCs/tree/main/JavaScript/prototype-pollution/CVE-2025-57321