Description

@std/toml is the Deno Standard Library. Prior to version 1.0.9, an attacker can pollute the prototype chain in Node.js runtime and Browser when parsing untrusted TOML data, thus achieving Prototype Pollution (PP) vulnerability. This is because the library is merging an untrusted object with an empty object, which by default the empty object has the prototype chain. This issue has been patched in version 1.0.9.

INFO

Published Date :

2025-08-14T16:39:28.158Z

Last Modified :

2025-08-14T19:18:25.234Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-55195 vulnerability.

Vendors Products
Denoland
  • Std
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-55195.

URL Resource
https://github.com/denoland/std/commit/540662cfd6d71e969af292aa604ef4049dbe271b cve-icon cve-icon
https://github.com/denoland/std/releases/tag/release-2025.08.13 cve-icon cve-icon
https://github.com/denoland/std/security/advisories/GHSA-crjp-8r9q-2j9r cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact