Remco Haszing

1 exploit Active since Apr 2025
CVE-2025-32014 WRITEUP MEDIUM WRITEUP
estree-util-value-to-estree < 3.3.3 - Prototype Pollution via __proto__ Property
estree-util-value-to-estree converts a JavaScript value to an ESTree expression. When generating an ESTree from a value with a property named __proto__, valueToEstree would generate an object that specifies a prototype instead. This vulnerability is fixed in 3.3.3.