VYPR
Moderate severityNVD Advisory· Published Sep 24, 2025· Updated Sep 25, 2025

CVE-2025-57324

CVE-2025-57324

Description

parse is a package designed to parse JavaScript SDK. A Prototype Pollution vulnerability in the SingleInstanceStateController.initializeState function of parse version 5.3.0 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
parsenpm
< 7.0.0-alpha.17.0.0-alpha.1

Affected products

2
  • parse/parsedescription
  • ghsa-coords
    Range: < 7.0.0-alpha.1

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.