CVE-2025-32014
Description
estree-util-value-to-estree converts a JavaScript value to an ESTree expression. When generating an ESTree from a value with a property named __proto__, valueToEstree would generate an object that specifies a prototype instead. This vulnerability is fixed in 3.3.3.
Weakness Type (CWE)
References
Frequently Asked Questions
What is CVE-2025-32014? +
How do I check if I'm vulnerable to CVE-2025-32014? +
Related Vulnerabilities
Vue I18n is the internationalization plugin for Vue.js. @intlify/message-resolver and @intlify/vue-i18n-core are vulnerable to Prototype Pollution through the entry function: …
Radashi is a TypeScript utility toolkit. Prior to version 12.5.1, the set function within the Radashi library is vulnerable to …
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability in Linkify (linkifyjs) allows XSS Targeting HTML Attributes and Manipulating …
A prototype pollution vulnerability exists in @nyariv/sandboxjs versions <= 0.8.23, allowing attackers to inject arbitrary properties into Object.prototype via crafted …
content-security-policy-parser parses content security policy directives. A prototype pollution vulnerability exists in versions 0.5.0 and earlier, wherein if a policy …
Svelte devalue is a utility library. Prior to version 5.3.2, a string passed to devalue.parse could represent an object with …