Vulnerabilities

CVE-2025-57820

by Fred · 26/08/2025

Svelte devalue is a utility library. Prior to version 5.3.2, a string passed to devalue.parse could represent an object with a __proto__ property and devalue.parse does not check that an index is numeric. This could result in assigning prototypes to objects and properties, leading to prototype pollution. This issue has been fixed in version 5.3.2

More information : https://github.com/sveltejs/devalue/commit/0623a47c9555b639c03ff1baea82951b2d9d1132

Similar

Tags: Cybersecurity Alert