CVE Catalog

CVE-2025-63704

Critical
Published: Translated: NVD NIST

Summary

The NPM package query-parser-string version 1.0.0 is vulnerable to Prototype Pollution. The package does not properly sanitize user supplied query parameters and merges them to the newly created object.

Risk Assessment

This vulnerability may lead to unauthorized access to data or manipulation of objects within the application, potentially affecting system integrity.

Recommendation

It is recommended to update the package to the latest version that fixes this vulnerability and to implement additional validation and sanitization mechanisms for input data.

Original NVD description (English source)

NPM package query-parser-string 1.0.0 is vulnerable to Prototype Pollution. The package does not properly sanitize user supplied query parameters and merges them to the newly created object.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS