Unknown · Apidoc-Core · CVE-2025-13158
**Name of the Vulnerable Software and Affected Versions**
apidoc-core versions 0.2.0 and subsequent versions
**Description**
A prototype pollution issue exists in apidoc-core. This allows remote attackers to modify JavaScript object prototypes through malformed data structures, specifically the “define” property processed by the application. This can lead to denial of service or unexpected application behavior due to compromised prototype chains. The issue affects the `preProcess()` function within the following worker modules: `api group.js`, `api param title.js`, `api use.js`, and `api permission.js`.
**Recommendations**
Update apidoc-core to a version later than 0.2.0.