CVE-2025-13204
Published
CVSS v3
7.3
HIGH
CVSS v2
N/A
Affected
3
PROJECTS
Description
npm package `expr-eval` is vulnerable to Prototype Pollution. An attacker with access to express eval interface can use JavaScript prototype-based inheritance model to achieve arbitrary code execution. The npm expr-eval-fork package resolves this issue.
GitHub
Mathematical expression evaluator fork with exports map, prototype pollution and code injection security fixes
NPM