CNNVD-202509-3804 Information

CNNVD ID

CNNVD-202509-3804

Related CVE

CVE-2025-57350

• CNNVD Published: 2025-09-24

Description (Chinese)

CSVTOJSON是Keyang Xiang个人开发者的一个CSV解析器。 CSVTOJSON 2.0.10之前版本存在安全漏洞，该漏洞源于parser_jsonarray组件在解析过程中对嵌套标头名称清理不足，可能导致原型污染攻击。

Description (English)

CSVTOJSON is a CSV solver for the personal developer of Keyang Xiang. CSVTOJSON 2.0.10 has a safety loophole, which arises from the inadequate clean-up of nested header names during the decomposition of the parser jsonarray component, which could lead to a prototype pollution attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2025-09-24

Last Modified

2026-02-24

References

https://github.com/Keyang/node-csvtojson/issues/498 https://github.com/VulnSageAgent/PoCs/tree/main/JavaScript/prototype-pollution/CVE-2025-57350

Patch

https://github.com/Keyang/node-csvtojson/releases