CVE-2025-54803

Published August 5th, 2025

View on NVD ↗

CVSS v3

7.5

HIGH

CVSS v2

N/A

Affected

PROJECT

Description

js-toml is a TOML parser for JavaScript, fully compliant with the TOML 1.0.0 Spec. In versions below 1.0.2, a prototype pollution vulnerability in js-toml allows a remote attacker to add or modify properties of the global Object.prototype by parsing a maliciously crafted TOML input. This is fixed in version 1.0.2.

sunnyadn/js-toml

A TOML parser for JavaScript, trusted by Microsoft, AWS, and more. Fully compliant with TOML 1.0.0. Supports Node.js, browsers, and Bun⚡️!

GitHub