Skip to content

Commit 59edd4d

Browse files
advisory-database[bot]advisory-database[bot]
committed
Publish Advisories
GHSA-3c3p-xh4f-pfh7 GHSA-9g8m-v378-pcg3
1 parent fbfce7f commit 59edd4d

File tree

2 files changed

+58
-8
lines changed

2 files changed

+58
-8
lines changed

advisories/unreviewed/2025/09/GHSA-3c3p-xh4f-pfh7/GHSA-3c3p-xh4f-pfh7.json renamed to advisories/github-reviewed/2025/09/GHSA-3c3p-xh4f-pfh7/GHSA-3c3p-xh4f-pfh7.json

Lines changed: 29 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,19 +1,40 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-3c3p-xh4f-pfh7",
4-
"modified": "2025-09-25T21:30:25Z",
4+
"modified": "2025-09-26T12:56:51Z",
55
"published": "2025-09-24T21:30:37Z",
66
"aliases": [
77
"CVE-2025-57320"
88
],
9+
"summary": "json-schema-editor-visual vulnerable to prototype pollution",
910
"details": "json-schema-editor-visual is a package that provides jsonschema editor. A Prototype Pollution vulnerability in the setData and deleteData function of json-schema-editor-visual versions thru 1.1.1 allows attackers to inject or delete properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence.",
1011
"severity": [
1112
{
1213
"type": "CVSS_V3",
1314
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"
1415
}
1516
],
16-
"affected": [],
17+
"affected": [
18+
{
19+
"package": {
20+
"ecosystem": "npm",
21+
"name": "json-schema-editor-visual"
22+
},
23+
"ranges": [
24+
{
25+
"type": "ECOSYSTEM",
26+
"events": [
27+
{
28+
"introduced": "0"
29+
},
30+
{
31+
"last_affected": "2.0.0"
32+
}
33+
]
34+
}
35+
]
36+
}
37+
],
1738
"references": [
1839
{
1940
"type": "ADVISORY",
@@ -26,15 +47,19 @@
2647
{
2748
"type": "WEB",
2849
"url": "https://github.com/VulnSageAgent/PoCs/tree/main/JavaScript/prototype-pollution/CVE-2025-57320"
50+
},
51+
{
52+
"type": "PACKAGE",
53+
"url": "https://github.com/zyqwst/json-schema-editor-vue"
2954
}
3055
],
3156
"database_specific": {
3257
"cwe_ids": [
3358
"CWE-1321"
3459
],
3560
"severity": "MODERATE",
36-
"github_reviewed": false,
37-
"github_reviewed_at": null,
61+
"github_reviewed": true,
62+
"github_reviewed_at": "2025-09-26T12:56:51Z",
3863
"nvd_published_at": "2025-09-24T21:15:32Z"
3964
}
4065
}

advisories/unreviewed/2025/09/GHSA-9g8m-v378-pcg3/GHSA-9g8m-v378-pcg3.json renamed to advisories/github-reviewed/2025/09/GHSA-9g8m-v378-pcg3/GHSA-9g8m-v378-pcg3.json

Lines changed: 29 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,19 +1,40 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-9g8m-v378-pcg3",
4-
"modified": "2025-09-25T15:30:23Z",
4+
"modified": "2025-09-26T12:57:00Z",
55
"published": "2025-09-24T21:30:37Z",
66
"aliases": [
77
"CVE-2025-57324"
88
],
9+
"summary": "parse is vulnerable to prototype pollution",
910
"details": "parse is a package designed to parse JavaScript SDK. A Prototype Pollution vulnerability in the SingleInstanceStateController.initializeState function of parse version 5.3.0 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence.",
1011
"severity": [
1112
{
1213
"type": "CVSS_V3",
1314
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
1415
}
1516
],
16-
"affected": [],
17+
"affected": [
18+
{
19+
"package": {
20+
"ecosystem": "npm",
21+
"name": "parse"
22+
},
23+
"ranges": [
24+
{
25+
"type": "ECOSYSTEM",
26+
"events": [
27+
{
28+
"introduced": "0"
29+
},
30+
{
31+
"last_affected": "6.1.1"
32+
}
33+
]
34+
}
35+
]
36+
}
37+
],
1738
"references": [
1839
{
1940
"type": "ADVISORY",
@@ -26,15 +47,19 @@
2647
{
2748
"type": "WEB",
2849
"url": "https://github.com/VulnSageAgent/PoCs/tree/main/JavaScript/prototype-pollution/CVE-2025-57324"
50+
},
51+
{
52+
"type": "PACKAGE",
53+
"url": "https://github.com/parse-community/Parse-SDK-JS"
2954
}
3055
],
3156
"database_specific": {
3257
"cwe_ids": [
3358
"CWE-1321"
3459
],
3560
"severity": "MODERATE",
36-
"github_reviewed": false,
37-
"github_reviewed_at": null,
61+
"github_reviewed": true,
62+
"github_reviewed_at": "2025-09-26T12:57:00Z",
3863
"nvd_published_at": "2025-09-24T21:15:32Z"
3964
}
4065
}

0 commit comments

Comments
 (0)