PT-2026-57909 · Antv · Xlayout
Dremig
·
Published
2026-07-13
·
Updated
2026-07-13
·
CVE-2026-15598
CVSS v2.0
6.5
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:P |
A weakness has been identified in antv layout 2.0.0. This impacts the function setNestedValue in the library lib/util/object.js. Executing a manipulation of the argument path can lead to improperly controlled modification of object prototype attributes. The attack can be launched remotely. The project was informed of the problem early through an issue report but has not responded yet.
Fix
Code Injection
Prototype Pollution
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Xlayout