Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2025-3197
PUBLISHED
More InfoOfficial Page
Assigner-snyk
Assigner Org ID-bae035ff-b466-4ff4-94d0-fc9efd9e1730
View Known Exploited Vulnerability (KEV) details
Published At-04 Apr, 2025 | 05:00
Updated At-04 Apr, 2025 | 14:17
Rejected At-
▼CVE Numbering Authority (CNA)

Versions of the package expand-object from 0.0.0 are vulnerable to Prototype Pollution in the expand() function in index.js. This function expands the given string into an object and allows a nested property to be set without checking the provided keys for sensitive properties like __proto__.

Affected Products
Vendor
n/a
Product
expand-object
Versions
Affected
  • From 0.0.0 before * (semver)
Problem Types
TypeCWE IDDescription
N/AN/APrototype Pollution
Type: N/A
CWE ID: N/A
Description: Prototype Pollution
Metrics
VersionBase scoreBase severityVector
3.17.3HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
4.06.9MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Version: 3.1
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Version: 4.0
Base score: 6.9
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Miguel Monteiro
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://security.snyk.io/vuln/SNYK-JS-EXPANDOBJECT-5821390
N/A
https://gist.github.com/miguelafmonteiro/d8f66af61d14e06338b688f90c4dfa7c
N/A
https://github.com/jonschlinkert/expand-object/blob/master/index.js%23L13
N/A
Hyperlink: https://security.snyk.io/vuln/SNYK-JS-EXPANDOBJECT-5821390
Resource: N/A
Hyperlink: https://gist.github.com/miguelafmonteiro/d8f66af61d14e06338b688f90c4dfa7c
Resource: N/A
Hyperlink: https://github.com/jonschlinkert/expand-object/blob/master/index.js%23L13
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-1321CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Type: CWE
CWE ID: CWE-1321
Description: CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://security.snyk.io/vuln/SNYK-JS-EXPANDOBJECT-5821390
exploit
Hyperlink: https://security.snyk.io/vuln/SNYK-JS-EXPANDOBJECT-5821390
Resource:
exploit
Details not found