PT-2025-39315 · Csvtojson · Csvtojson

Published: 2025-09-24 · Updated: 2025-10-17 · CVE-2025-57350

CVSS v3.1: 8.6 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Name of the Vulnerable Software and Affected Versions: csvtojson versions prior to 2.0.10

Description: The csvtojson package has a flaw due to inadequate sanitization of nested header names during parsing. Processing CSV input with crafted header fields that reference the prototype chain (such as __proto__) can unintentionally modify the base Object prototype. This can cause denial of service or unexpected behavior, especially when processing untrusted CSV data. The issue requires no user interaction beyond supplying a malicious CSV file. The vulnerable component is the parser jsonarray.

Recommendations: Update to version 2.0.10 or later.
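The mitigation this advisory implies, as an added example that is not csvtojson's own code: reject header paths that would walk into the prototype chain before parsing, and build nested rows only from null-prototype objects. Dot-separated header nesting and the constructed CSV samples are assumptions.

```javascript
// Added example, not csvtojson's own code; "." nesting and sample CSV are assumed.
const FORBIDDEN_SEGMENTS = new Set(['__proto__', 'constructor', 'prototype']);

// List every dotted header whose path would walk into the prototype chain.
function findUnsafeHeaders(headers) {
  return headers.filter((h) => h.split('.').some((s) => FORBIDDEN_SEGMENTS.has(s)));
}

// Assign value along path, refusing prototype keys and creating only
// null-prototype containers, so a row object never shares Object.prototype.
function safeSet(target, path, value) {
  let cur = target;
  path.forEach((key, i) => {
    if (FORBIDDEN_SEGMENTS.has(key)) {
      throw new Error(`refusing prototype key "${key}" in header ${path.join('.')}`);
    }
    if (i === path.length - 1) {
      cur[key] = value;
      return;
    }
    const own = Object.prototype.hasOwnProperty.call(cur, key);
    if (!own || typeof cur[key] !== 'object' || cur[key] === null) {
      cur[key] = Object.create(null);
    }
    cur = cur[key];
  });
  return target;
}

// Parse a small unquoted CSV into nested rows; reject the whole file up front
// if any header is unsafe rather than letting it into the object graph.
function parseNestedCsv(text) {
  const lines = text.trim().split('\n');
  const headers = lines[0].split(',');
  const unsafe = findUnsafeHeaders(headers);
  if (unsafe.length > 0) throw new Error(`rejected headers: ${unsafe.join(', ')}`);
  return lines.slice(1).map((line) => {
    const cells = line.split(',');
    const row = Object.create(null);
    headers.forEach((h, i) => safeSet(row, h.split('.'), cells[i]));
    return row;
  });
}

// Constructed sample inputs (not from the advisory).
const SAFE_CSV = 'id,user.name,user.role\n1,alice,admin\n2,bob,dev\n';
const POLLUTING_CSV = '__proto__.polluted,id\nyes,1\n';
```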

Exploit · Fix · DoS · Prototype Pollution

Weakness Enumeration

Related Identifiers

CVE-2025-57350
GHSA-VRW9-G62V-7FMF

Affected Products

Csvtojson