CVE-2025-57352

Name of the Vulnerable Software and Affected Versions min-document versions prior to 2.19.0

Description A flaw exists in the 'min-document' package due to improper handling of namespace operations within the removeAttributeNS function. An attacker can exploit this by manipulating the prototype chain of JavaScript objects through malicious input involving the proto property. This manipulation can lead to denial of service or arbitrary code execution, resulting from insufficient validation of attribute namespace removal operations and allowing unintended modification of critical object prototypes.

Recommendations Update to version 2.19.0 or later.