CVE-2026-30226
EPSS 0.14%devalue has prototype pollution in devalue.parse and devalue.unflatten
發布日:2026/3/12修改日:2026/3/14
描述
In devalue v5.6.3, `devalue.parse` and `devalue.unflatten` were susceptible to prototype pollution via maliciously crafted payloads. Successful exploitation could lead to Denial of Service (DoS) or type confusion.
受影響套件(1)
- npm/devaluefrom 0, < 5.6.4
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N |