CNNVD-202509-3798 Information

CNNVD ID

CNNVD-202509-3798

Related CVE

CVE-2025-57347

• CNNVD Published: 2025-09-24

Description (Chinese)

dagre-d3-es是Teebo个人开发者的一个js库。 dagre-d3-es 7.0.11之前版本存在安全漏洞，该漏洞源于bk模块的addConflict函数未正确清理用户输入，可能导致原型污染攻击。

Description (English)

Dagre-d3-es is a js library of Teebo personal developers. The pre-dagre-d3-es 7.11 security loophole, which originated from the ddConflict function of the bk module, did not properly clean up user input and could lead to a prototype pollution attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2025-09-24

Last Modified

2026-02-24

References

https://github.com/VulnSageAgent/PoCs/tree/main/JavaScript/prototype-pollution/CVE-2025-57347 https://github.com/tbo47/dagre-es/issues/52

Patch

https://github.com/tbo47/dagre-es/releases