7.2
CVE-2026-25754
- EPSS 0.02%
- Veröffentlicht 06.02.2026 22:48:38
- Zuletzt bearbeitet 17.03.2026 20:42:28
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
LoginAdonisJS is a TypeScript-first web framework. Prior to versions 10.1.3 and 11.0.0-next.9, a prototype pollution vulnerability in AdonisJS multipart form-data parsing may allow a remote attacker to manipulate object prototypes at runtime. This issue has been patched in versions 10.1.3 and 11.0.0-next.9.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Adonisjs ≫ Bodyparser SwPlatformnode.js Version < 10.1.3
Adonisjs ≫ Bodyparser SwPlatformnode.js Version >= 10.1.4 < 11.0.0
Adonisjs ≫ Bodyparser Version11.0.0 Updatenext1 SwPlatformnode.js
Adonisjs ≫ Bodyparser Version11.0.0 Updatenext2 SwPlatformnode.js
Adonisjs ≫ Bodyparser Version11.0.0 Updatenext3 SwPlatformnode.js
Adonisjs ≫ Bodyparser Version11.0.0 Updatenext4 SwPlatformnode.js
Adonisjs ≫ Bodyparser Version11.0.0 Updatenext5 SwPlatformnode.js
Adonisjs ≫ Bodyparser Version11.0.0 Updatenext6 SwPlatformnode.js
Adonisjs ≫ Bodyparser Version11.0.0 Updatenext7 SwPlatformnode.js
Adonisjs ≫ Bodyparser Version11.0.0 Updatenext8 SwPlatformnode.js
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.037 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security-advisories@github.com | 7.2 | 3.9 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.