Security Advisory

CVE-2025-13204

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-11-14 17:02:39

Last updated 2025-11-14 20:41:22

Assigner certcc

State PUBLISHED

Description

npm package `expr-eval` is vulnerable to Prototype Pollution. An attacker with access to express eval interface can use JavaScript prototype-based inheritance model to achieve arbitrary code execution. The npm expr-eval-fork package resolves this issue.

← Browse all CVEs View on cve.org ↗