silentmatt

2 exploits Active since Nov 2025
CVE-2025-13204 WRITEUP HIGH WRITEUP
expr-eval < 2.0.2 - Prototype Pollution via JavaScript Expression Evaluation
npm package `expr-eval` is vulnerable to Prototype Pollution. An attacker with access to express eval interface can use JavaScript prototype-based inheritance model to achieve arbitrary code execution. The npm expr-eval-fork package resolves this issue.
CVSS 7.3
CVE-2025-13204 WRITEUP HIGH WRITEUP
expr-eval < 2.0.2 - Prototype Pollution via JavaScript Expression Evaluation
npm package `expr-eval` is vulnerable to Prototype Pollution. An attacker with access to express eval interface can use JavaScript prototype-based inheritance model to achieve arbitrary code execution. The npm expr-eval-fork package resolves this issue.
CVSS 7.3