Description

Prototype pollution vulnerability in apidoc-core versions 0.2.0 and all subsequent versions allows remote attackers to modify JavaScript object prototypes via malformed data structures, including the “define” property processed by the application, potentially leading to denial of service or unintended behavior in applications relying on the integrity of prototype chains. This affects the preProcess() function in api_group.js, api_param_title.js, api_use.js, and api_permission.js worker modules.

Related CPE's

Could not find any relations

References

https://www.sonatype.com/security-advisories/cve-2025-13158

Weaknesses

103e4ec9-0a87-450b-af77-479448ddef11

Secondary
CWE-1321

CVSS impact metrics

Missing metrics for CVSS V

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

103e4ec9-0a87-450b-af77-479448ddef11

Vulnerability status

Received

Published

2025-12-26T16:15:43.263

3 hours ago

Last modified

2025-12-26T16:15:43.263

3 hours ago