VYPR

npm package

spmrc

pkg:npm/spmrc

Vulnerabilities (1)

  • CVE-2025-57327Sep 24, 2025
    affected <= 1.2.0

    spmrc is a package that provides the rc manager for spm. A Prototype Pollution vulnerability in the set and config function of spmrc version 1.2.0 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS)