CNNVD-202512-2801 Information

CNNVD ID

CNNVD-202512-2801

CVE-2025-68130

  • CNNVD Published: 2025-12-16

Description (English)

tRPC is a TypeScript framework from the tRPC community for building type-safe APIs. tRPC versions before 10.45.3 and before 11.8.0 contain a security vulnerability that stems from prototype pollution in the formDataToObject function, which may lead to authorization bypass or denial of service.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

tRPC

Published

2025-12-16

Last Modified

2026-02-24

References

https://github.com/trpc/trpc/security/advisories/GHSA-43p4-m455-4f4j

Patch

https://github.com/trpc/trpc/releases
