CVE-2025-55195
BaseFortify
Publication date: 2025-08-14
Last updated on: 2025-08-15
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| denoland | std | 1.0.9 |
| denoland | std | 1.0.8 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1321 | The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Prototype Pollution (PP) issue in the @std/toml library of the Deno Standard Library. Before version 1.0.9, when parsing untrusted TOML data in Node.js or Browser environments, an attacker could manipulate the prototype chain by merging untrusted objects with an empty object that has a default prototype. This allows the attacker to inject or modify properties on the prototype, potentially affecting all objects that inherit from it.
How can this vulnerability impact me? :
The vulnerability can allow an attacker to perform Prototype Pollution, which may lead to unexpected behavior in applications, including data corruption, denial of service, or escalation of privileges. Since the CVSS score is 7.3 (high severity), it indicates that the vulnerability can impact confidentiality, integrity, and availability of the affected system without requiring user interaction or privileges.
What immediate steps should I take to mitigate this vulnerability?
Update the @std/toml library to version 1.0.9 or later, as this version contains the patch that fixes the Prototype Pollution vulnerability.