Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

apiDoc

Source -

CNA

BOS Name -

N/A

CNA CVEs -

1

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated ProductsRelated AssignersReports
1Vulnerabilities found
CVE-2025-13158
Assigner-Sonatype Inc.
ShareView Details
Assigner-Sonatype Inc.
CVSS Score-9.3||CRITICAL
EPSS-0.27% / 49.79%
||
7 Day CHG~0.00%
Published-26 Dec, 2025 | 16:00
Updated-29 Dec, 2025 | 15:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
apidoc-core - prototype pollution in api_group.js, api_param_title.js, api_use.js, and api_permission.js worker

Prototype pollution vulnerability in apidoc-core versions 0.2.0 and all subsequent versions allows remote attackers to modify JavaScript object prototypes via malformed data structures, including the “define” property processed by the application, potentially leading to denial of service or unintended behavior in applications relying on the integrity of prototype chains. This affects the preProcess() function in api_group.js, api_param_title.js, api_use.js, and api_permission.js worker modules.

Action-Not Available
Vendor-apiDoc
Product-apidoc-core
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')