PT-2025-53598 · Unknown · Apidoc-Core
James Montaño · Published 2025-12-26 · Updated 2025-12-27 · CVE-2025-13158
CVSS v4.0: 9.3 (Critical)
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
apidoc-core versions 0.2.0 and subsequent versions
Description
A prototype pollution issue exists in apidoc-core. This allows remote attackers to modify JavaScript object prototypes through malformed data structures, specifically the “define” property processed by the application. This can lead to denial of service or unexpected application behavior due to compromised prototype chains. The issue affects the preProcess() function within the following worker modules: api_group.js, api_param_title.js, api_use.js, and api_permission.js.
Recommendations
Update apidoc-core to a version later than 0.2.0.
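The weakness class named in the description, reduced to a minimal model and shown beside a hardened collector, as an added example (not code from apidoc-core or from this advisory). The function names, the block shape and the sample input are assumptions made for the illustration.

```javascript
// Added illustration: a simplified model, not apidoc-core source code.
// The block shape { version, global: { define: { name } } } is assumed.
const FORBIDDEN_KEYS = new Set(['__proto__', 'prototype', 'constructor']);

// Unsafe: untrusted strings index a plain object, so the name "__proto__"
// resolves to Object.prototype and the nested write lands on it.
function collectUnsafe(blocks) {
  const registry = {};
  for (const block of blocks) {
    const def = block.global && block.global.define;
    if (!def) continue;
    if (!registry[def.name]) registry[def.name] = {};
    registry[def.name][block.version] = def;
  }
  return registry;
}

// Hardened: null-prototype containers plus an explicit key deny-list.
function collectSafe(blocks) {
  const registry = Object.create(null);
  const rejected = [];
  for (const block of blocks) {
    const def = block.global && block.global.define;
    if (!def) continue;
    const name = String(def.name);
    const version = String(block.version);
    if (FORBIDDEN_KEYS.has(name) || FORBIDDEN_KEYS.has(version)) {
      rejected.push({ name, version });
      continue;
    }
    if (!(name in registry)) registry[name] = Object.create(null);
    registry[name][version] = def;
  }
  return { registry, rejected };
}

// Reports whether a collector added probeKey to Object.prototype, then cleans up.
function pollutes(collector, blocks, probeKey) {
  collector(blocks);
  const hit = Object.prototype.hasOwnProperty.call(Object.prototype, probeKey);
  delete Object.prototype[probeKey];
  return hit;
}

// Constructed sample input: one ordinary definition, one malformed one.
const sample = [
  { version: '1.0.0', global: { define: { name: 'Admin', title: 'Admins' } } },
  { version: 'probe', global: { define: { name: '__proto__', title: 'x' } } },
];
console.log(pollutes(collectUnsafe, sample, 'probe'), pollutes(collectSafe, sample, 'probe'));
```

The `pollutes` helper can be reused as a regression check around any code path that builds objects from parsed input.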
Fix
DoS
Prototype Pollution
Weakness Enumeration
Related Identifiers
Affected Products
Apidoc-Core