CVE Daily

CVE-2025-55195

@std/toml is the Deno Standard Library. Prior to version 1.0.9, an attacker can ...

High CVSS 7.3

Overview

@std/toml is the Deno Standard Library. Prior to version 1.0.9, an attacker can pollute the prototype chain in Node.js runtime and Browser when parsing untrusted TOML data, thus achieving Prototype Pollution (PP) vulnerability. This is because the library is merging an untrusted object with an empty object, which by default the empty object has the prototype chain. This issue has been patched in version 1.0.9.

CWE: CWE-1321 Published: 2025-08-14T17:15:41.330
Risk analysis

This vulnerability is rated 🟠 HIGH.

  • CVSS: 7.3 (HIGH)
  • Detected tags: proto_pollution (tag impact: LOW)

Recommended actions:

  • Prioritize remediation based on business criticality and exposure.
  • Limit exposure and increase monitoring until fixed.

Recommended tools

Tags