CVE-2025-57351

Name of the Vulnerable Software and Affected Versions ts-fns versions prior to 13.0.7

Description A prototype pollution issue exists due to inadequate validation of user-supplied keys within the assign function. This allows manipulation of the Object.prototype chain. Attackers can inject arbitrary properties into the global object's prototype, potentially causing application crashes, unexpected code execution, or bypassing security checks that rely on prototype integrity. The root cause is improper handling of deep property assignment operations within the library’s public API functions.

Recommendations Update to version 13.0.7 or later.