7.2

CVE-2026-25754

AdonisJS multipart body parsing has Prototype Pollution issue

AdonisJS is a TypeScript-first web framework. Prior to versions 10.1.3 and 11.0.0-next.9, a prototype pollution vulnerability in AdonisJS multipart form-data parsing may allow a remote attacker to manipulate object prototypes at runtime. This issue has been patched in versions 10.1.3 and 11.0.0-next.9.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AdonisjsBodyparser SwPlatformnode.js Version < 10.1.3
AdonisjsBodyparser SwPlatformnode.js Version >= 10.1.4 < 11.0.0
AdonisjsBodyparser Version11.0.0 Updatenext1 SwPlatformnode.js
AdonisjsBodyparser Version11.0.0 Updatenext2 SwPlatformnode.js
AdonisjsBodyparser Version11.0.0 Updatenext3 SwPlatformnode.js
AdonisjsBodyparser Version11.0.0 Updatenext4 SwPlatformnode.js
AdonisjsBodyparser Version11.0.0 Updatenext5 SwPlatformnode.js
AdonisjsBodyparser Version11.0.0 Updatenext6 SwPlatformnode.js
AdonisjsBodyparser Version11.0.0 Updatenext7 SwPlatformnode.js
AdonisjsBodyparser Version11.0.0 Updatenext8 SwPlatformnode.js
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.36% 0.281
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
security-advisories@github.com 7.2 3.9 2.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.

https://github.com/adonisjs/core/security/advisories/GHSA-f5x2-vj4h-vg4c
Third Party Advisory
https://github.com/adonisjs/bodyparser/commit/40e1c71f958cffb74f6b91bed6630dca979062ed
Patch
https://github.com/adonisjs/bodyparser/releases/tag/v11.0.0-next.9
Release Notes