CNNVD-202509-3990 Information

CNNVD ID

CNNVD-202509-3990

Related CVE

CVE-2025-57317

• CNNVD Published: 2025-09-25

Description (Chinese)

apidoc-core是apiDoc开源的一个解析器库。 apidoc-core 0.15.0及之前版本存在安全漏洞，该漏洞源于preProcess函数存在原型污染，攻击者可通过特制有效载荷注入属性，可能导致拒绝服务。

Description (English)

apidoc-core is a solver library of apiDoc open source. There is a safety loophole in apidoc-core 0.15.0 and earlier versions, which stems from the prototype contamination of the preProcess function, which can be injected by the assailant through a special payload, which may lead to the denial of services.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

apiDoc

Published

2025-09-25

Last Modified

2026-02-24

References

https://github.com/OrangeShieldInfos/PoCs/tree/main/JavaScript/prototype-pollution/CVE-2025-57317 https://github.com/VulnSageAgent/PoCs/blob/main/JavaScript/prototype-pollution/apidoc-core%400.15.0/index.js

Patch

https://github.com/apidoc/apidoc-core/releases