Prototype Pollution in Remcohaszing Estree-util-value-to-estree

CVE-2025-32014

estree-util-value-to-estree converts a JavaScript value to an ESTree expression. When generating an ESTree from a value with a property named __proto__, valueToEstree would generate an object that specifies a prototype instead. This vulner…

Vulnerability class: Prototype Pollution

EPSS: 0.004 (31.0th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References