CNNVD-202509-3795 Information

CNNVD ID

CNNVD-202509-3795

Related CVE

CVE-2025-57330

• CNNVD Published: 2025-09-24

Description (Chinese)

Web3.js是Web3开源的一个以太坊 JSON RPC API 和 ChainSafe Systems 维护的相关工具的 TypeScript 实现。 Web3.js 1.10.4及之前版本存在安全漏洞，该漏洞源于attachToObject函数存在原型污染，可能导致拒绝服务攻击。

Description (English)

Web3.js is the TypeScript tool maintained by JSON RPC API and ChainSafe Systems, an open source of Web3. Web3.js 1.10.4 and previous versions contain a security loophole, which stems from the prototype contamination of the attachToObject function, which may result in a denial of service attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Weblate

Published

2025-09-24

Last Modified

2026-02-24

References

https://github.com/VulnSageAgent/PoCs/blob/main/JavaScript/prototype-pollution/web3-core-subscriptions%401.10.4/index.js https://github.com/VulnSageAgent/PoCs/tree/main/JavaScript/prototype-pollution/CVE-2025-57330