js-toml is vulnerable to Prototype Pollution

August 4, 2025 invoker category_cve

CVE Details

Basic Information

Title js-toml is vulnerable to Prototype Pollution
Type cve
Published 2025-08-05T00:06:15.916Z
Modified 2025-08-05T00:06:15.916Z

Product Information

Vendor sunnyadn
Product js-toml
Version < 1.0.2

CVSS Information

Base Score 7.9 (HIGH)
Attack Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H

AI Analysis

AI Description A prototype pollution vulnerability in js-toml allows remote attackers to modify the global Object.prototype by parsing malicious TOML input. This is fixed in version 1.0.2.
AI Severity Medium
AI Vendor sunnyadn
AI Product js-toml
AI Version 1.0.2 and below

Affected Products

  • sunnyadn js-toml < 1.0.2

Additional Information

CWE List CWE-1321
Source GitHub_M

Description

js-toml is a TOML parser for JavaScript, fully compliant with the TOML 1.0.0 Spec. In versions below 1.0.2, a prototype pollution vulnerability in js-toml allows a remote attacker to add or modify properties of the global Object.prototype by parsing a maliciously crafted TOML input. This is fixed in version 1.0.2.

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.