CVE-2025-55195

Source
https://cve.org/CVERecord?id=CVE-2025-55195
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-55195.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-55195
Aliases
  • GHSA-crjp-8r9q-2j9r
Published
2025-08-14T16:39:28.158Z
Modified
2026-04-10T05:29:50.970884Z
Severity
  • 7.3 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
Summary
@std/toml Prototype Pollution in Node.js and Browser
Details

@std/toml is the Deno Standard Library. Prior to version 1.0.9, an attacker can pollute the prototype chain in Node.js runtime and Browser when parsing untrusted TOML data, thus achieving Prototype Pollution (PP) vulnerability. This is because the library is merging an untrusted object with an empty object, which by default the empty object has the prototype chain. This issue has been patched in version 1.0.9.

Database specific
{
    "cwe_ids": [
        "CWE-1321"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/55xxx/CVE-2025-55195.json"
}
References

Affected packages

Git / github.com/denoland/std

Affected ranges

Type
GIT
Repo
https://github.com/denoland/std
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Type
GIT
Repo
https://github.com/denoland/std
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*
0.100.0
0.101.0
0.102.0
0.103.0
0.104.0
0.105.0
0.106.0
0.107.0
0.108.0
0.109.0
0.110.0
0.111.0
0.112.0
0.113.0
0.114.0
0.115.0
0.115.1
0.116.0
0.117.0
0.118.0
0.119.0
0.120.0
0.121.0
0.122.0
0.123.0
0.124.0
0.125.0
0.126.0
0.127.0
0.128.0
0.129.0
0.130.0
0.131.0
0.132.0
0.133.0
0.134.0
0.135.0
0.136.0
0.137.0
0.138.0
0.140.0
0.141.0
0.142.0
0.143.0
0.144.0
0.145.0
0.146.0
0.147.0
0.148.0
0.149.0
0.150.0
0.151.0
0.152.0
0.153.0
0.154.0
0.155.0
0.156.0
0.157.0
0.158.0
0.159.0
0.160.0
0.161.0
0.162.0
0.163.0
0.164.0
0.165.0
0.166.0
0.167.0
0.168.0
0.169.0
0.170.0
0.171.0
0.172.0
0.173.0
0.174.0
0.175.0
0.176.0
0.177.0
0.178.0
0.179.0
0.180.0
0.181.0
0.182.0
0.183.0
0.184.0
0.185.0
0.186.0
0.187.0
0.188.0
0.189.0
0.190.0
0.191.0
0.192.0
0.193.0
0.194.0
0.195.0
0.196.0
0.197.0
0.198.0
0.199.0
0.200.0
0.201.0
0.202.0
0.203.0
0.204.0
0.205.0
0.206.0
0.207.0
0.208.0
0.209.0
0.210.0
0.211.0
0.212.0
0.213.0
0.214.0
0.215.0
0.216.0
0.217.0
0.218.0
0.218.2
0.219.0
0.219.1
0.220.0
0.220.1
0.221.0
0.222.0
0.222.1
0.223.0
0.224.0
0.224.1-a
0.85.0
0.86.0
0.87.0
0.88.0
0.89.0
0.90.0
0.91.0
0.92.0
0.93.0
0.94.0
0.95.0
0.96.0
0.97.0
0.98.0
0.99.0
Other
20190516
20190520
start-jsr
release-2024.*
release-2024.05.07
release-2024.05.16
release-2024.05.22
release-2024.05.29
release-2024.06.03
release-2024.06.06
release-2024.06.12
release-2024.06.17
release-2024.06.21
release-2024.06.26
release-2024.07.02
release-2024.07.09
release-2024.07.12
release-2024.07.19
release-2024.07.26
release-2024.08.02
release-2024.08.05
release-2024.08.07
release-2024.08.07a
release-2024.08.16
release-2024.08.26
release-2024.09.04
release-2024.09.12
release-2024.09.12a
release-2024.09.16
release-2024.09.24
release-2024.10.10
release-2024.10.10a
release-2024.10.24
release-2024.11.01
release-2024.11.13
release-2024.11.22
release-2024.11.25
release-2024.12.06
release-2024.12.18
release-2024.12.20
release-2025.*
release-2025.01.10
release-2025.01.22
release-2025.01.31
release-2025.02.14
release-2025.02.14a
release-2025.03.04
release-2025.03.25
release-2025.04.08
release-2025.04.24
release-2025.05.13
release-2025.05.27
release-2025.05.30
release-2025.06.12
release-2025.07.01
release-2025.07.22
release-2025.07.29
v0.*
v0.1.11
v0.1.12
v0.10.0
v0.11.0
v0.12.0
v0.15.0
v0.16.0
v0.17.0
v0.18.0
v0.19.0
v0.2.0
v0.2.1
v0.2.10
v0.2.11
v0.2.2
v0.2.3
v0.2.4
v0.2.5
v0.2.6
v0.2.7
v0.2.8
v0.2.9
v0.20.0
v0.3.0
v0.3.1
v0.3.10
v0.3.2
v0.3.3
v0.3.4
v0.3.5
v0.3.6
v0.3.8
v0.4.0
v0.5.0
v0.6.0
v0.7.0
v0.8.0
v0.9.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-55195.json"