CVE-2025-31475

Name of the Vulnerable Software and Affected Versions tarteaucitron.js versions prior to 1.20.1

Description A vulnerability was identified in the addOrUpdate function of tarteaucitron.js, which did not properly validate input. This allowed an attacker with direct access to the site's source code or a CMS plugin to manipulate JavaScript object prototypes, leading to potential security risks such as data corruption or unintended code execution. An attacker with high privileges could exploit this vulnerability to modify object prototypes, affecting core JavaScript behavior, cause application crashes or unexpected behavior, or potentially introduce further security vulnerabilities depending on the application's architecture.

Recommendations For versions prior to 1.20.1, update to version 1.20.1 to fix the vulnerability. As a temporary workaround, consider restricting access to the addOrUpdate function until the update is applied.