Product

Parse-Nested-Form-Data (<= 1.0.0)

1 brief RSS

parse-nested-form-data Prototype Pollution Vulnerability (CVE-2026-45302)

parse-nested-form-data versions 1.0.0 and earlier are vulnerable to prototype pollution via crafted FormData field names, allowing an unauthenticated remote client to mutate `Object.prototype` and potentially corrupt application state, alter control flow, or cause denial of service.

parse-nested-form-data prototype-pollution javascript web-application

1r 1t 2d ago