Prototype Pollution in Remcohaszing Estree-util-value-to-estree
CVE-2025-32014
estree-util-value-to-estree converts a JavaScript value to an ESTree expression. When generating an ESTree from a value with a property named __proto__, valueToEstree would generate an object that specifies a prototype instead. This vulner…
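The behaviour described above, shown as an added example that is not code from estree-util-value-to-estree. `emit` and `roundTrip` are hypothetical helpers, the input is constructed, and the computed-key form is one way to keep `__proto__` an own property, not necessarily the project's fix.

```javascript
// Hypothetical helper: serialize plain JSON-like data to JavaScript source text.
function emit(value, options) {
  if (Array.isArray(value)) {
    return `[${value.map((v) => emit(v, options)).join(", ")}]`;
  }
  if (value !== null && typeof value === "object") {
    const props = Object.entries(value).map(([key, v]) => {
      const name = JSON.stringify(key);
      // In an object literal, `"__proto__": v` sets the prototype of the new
      // object, while the computed form `["__proto__"]: v` defines an
      // ordinary own property.
      const lhs = options.computedProto && key === "__proto__" ? `[${name}]` : name;
      return `${lhs}: ${emit(v, options)}`;
    });
    return `{${props.join(", ")}}`;
  }
  return JSON.stringify(value); // strings, numbers, booleans, null
}

// Hypothetical helper: evaluate the generated source and inspect the result.
function roundTrip(value, options) {
  const source = emit(value, options);
  const result = new Function(`return (${source});`)();
  return {
    source,
    ownProto: Object.prototype.hasOwnProperty.call(result, "__proto__"),
    prototypeReplaced: Object.getPrototypeOf(result) !== Object.prototype,
    inheritedIsAdmin: result.isAdmin,
  };
}

// Constructed input: JSON.parse stores "__proto__" as a plain own property,
// so the original value has the default prototype and no `isAdmin`.
const untrusted = JSON.parse('{"__proto__": {"isAdmin": true}, "name": "demo"}');

const naive = roundTrip(untrusted, { computedProto: false });
const hardened = roundTrip(untrusted, { computedProto: true });

console.log("naive:   ", naive);
console.log("hardened:", hardened);
```

The naive output no longer round-trips: data that was an inert own property becomes the object's prototype, so `isAdmin` appears as an inherited property on the regenerated value.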
Vulnerability class: Prototype Pollution
EPSS: 0.004 (31.0th percentile)
Affected products
- Remcohaszing Estree-util-value-to-estree — versions < 3.3.3
Weakness classification (CWE)