CVE-2025-57348

Name of the Vulnerable Software and Affected Versions node-cube versions prior to 5.0.0

Description The node-cube package has an issue in how it initializes the prototype chain, potentially allowing an attacker to add properties to the prototype of built-in objects. This occurs due to insufficient validation of user-supplied input during resource initialization. Exploitation could result in denial of service or arbitrary code execution. The issue is categorized as CWE-1321.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.