CVE-2025-13158

Vulnerability Description

Prototype pollution vulnerability in apidoc-core versions 0.2.0 and all subsequent versions allows remote attackers to modify JavaScript object prototypes via malformed data structures, including the “define” property processed by the application, potentially leading to denial of service or unintended behavior in applications relying on the integrity of prototype chains. This affects the preProcess() function in api_group.js, api_param_title.js, api_use.js, and api_permission.js worker modules.

Vulnerability Details

Published Date

December 26, 2025

Last Modified

December 29, 2025

CWE ID

CWE-1321

Source

NVD

External References

https://www.sonatype.com/security-advisories/cve-2025-13158

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment