CVE-2026-23736

HIGH7.3EPSS 0.33%

seroval Affected by Prototype Pollution via JSON Deserialization

發布日:2026/1/21修改日:2026/2/3

描述

Due to improper input validation, a malicious object key can lead to prototype pollution during JSON deserialization. This affects only JSON deserialization functionality. As there is no known workaround, please upgrade to the latest version.

受影響套件(1)

npm/serovalfrom 0, < 1.4.1

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH7.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

參考連結(4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2026-23736
PATCHhttps://github.com/lxsmnsyc/seroval
WEBhttps://github.com/lxsmnsyc/seroval/commit/ce9408ebc87312fcad345a73c172212f2a798060
WEBhttps://github.com/lxsmnsyc/seroval/security/advisories/GHSA-hj76-42vx-jwp4