6.5

CVE-2025-57348

The node-cube package (prior to version 5.0.0) contains a vulnerability in its handling of prototype chain initialization, which could allow an attacker to inject properties into the prototype of built-in objects. This issue, categorized under CWE-1321, arises from improper validation of user-supplied input in the package's resource initialization process. Successful exploitation may lead to denial of service or arbitrary code execution in affected environments. The vulnerability affects versions up to and including 5.0.0-beta.19, and no official fix has been released to date.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Node-cubeNode-cube SwPlatformnode.js Version < 5.0.0
Node-cubeNode-cube Version5.0.0 Updatebeta0 SwPlatformnode.js
Node-cubeNode-cube Version5.0.0 Updatebeta1 SwPlatformnode.js
Node-cubeNode-cube Version5.0.0 Updatebeta10 SwPlatformnode.js
Node-cubeNode-cube Version5.0.0 Updatebeta11 SwPlatformnode.js
Node-cubeNode-cube Version5.0.0 Updatebeta12 SwPlatformnode.js
Node-cubeNode-cube Version5.0.0 Updatebeta13 SwPlatformnode.js
Node-cubeNode-cube Version5.0.0 Updatebeta14 SwPlatformnode.js
Node-cubeNode-cube Version5.0.0 Updatebeta15 SwPlatformnode.js
Node-cubeNode-cube Version5.0.0 Updatebeta16 SwPlatformnode.js
Node-cubeNode-cube Version5.0.0 Updatebeta17 SwPlatformnode.js
Node-cubeNode-cube Version5.0.0 Updatebeta18 SwPlatformnode.js
Node-cubeNode-cube Version5.0.0 Updatebeta19 SwPlatformnode.js
Node-cubeNode-cube Version5.0.0 Updatebeta2 SwPlatformnode.js
Node-cubeNode-cube Version5.0.0 Updatebeta3 SwPlatformnode.js
Node-cubeNode-cube Version5.0.0 Updatebeta4 SwPlatformnode.js
Node-cubeNode-cube Version5.0.0 Updatebeta5 SwPlatformnode.js
Node-cubeNode-cube Version5.0.0 Updatebeta6 SwPlatformnode.js
Node-cubeNode-cube Version5.0.0 Updatebeta8 SwPlatformnode.js
Node-cubeNode-cube Version5.0.0 Updatebeta9 SwPlatformnode.js
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.16% 0.367
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 3.9 2.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.