CVE-2025-57351 (CNNVD-202509-3793)
Chinese title:
ts-fns security vulnerability
English title:
A prototype pollution vulnerability exists in the ts-fns package versions prior to 13.0.7, where ins...
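Vulnerability description
Chinese description:
ts-fns is a JavaScript library by the individual developer tangshuang. Versions of ts-fns prior to 13.0.7 contain a security vulnerability that stems from insufficient validation of user-provided keys in the assign function, which may lead to prototype pollution attacks.
English description: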
A prototype pollution vulnerability exists in the ts-fns package versions prior to 13.0.7, where insufficient validation of user-provided keys in the assign function allows attackers to manipulate the Object.prototype chain. By leveraging this flaw, adversaries may inject arbitrary properties into the global object's prototype, potentially leading to application crashes, unexpected code execution behaviors, or bypasses of security-critical validation logic dependent on prototype integrity. The vulnerability stems from improper handling of deep property assignment operations within the library's public API functions. This issue remains unaddressed in the latest available version.
CWE type:
Tags:
Affected products
Solution
Chinese solution:
English solution:
Temporary workaround:
CVSS score details
3.1 (adp)
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Timeline information
Exploit information
Data source details
| Data source | Record ID | Version | Extraction time |
|---|---|---|---|
| CVE | cve_CVE-2025-57351 | 2025-11-11 15:23:30 | 2025-11-11 07:40:44 |
| NVD | nvd_CVE-2025-57351 | 2025-11-11 15:01:04 | 2025-11-11 07:48:31 |
| CNNVD | cnnvd_CNNVD-202509-3793 | 2025-11-11 15:12:58 | 2025-11-11 08:00:13 |
Versions and languages
Security advisories
Change history
View detailed changes
- vulnerability_type: not extracted -> other
- cnnvd_id: not extracted -> CNNVD-202509-3793
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
View detailed changes
- data_sources: ['cve'] -> ['cve', 'nvd']