{"id":"CVE-2025-55195","summary":"@std/toml Prototype Pollution in Node.js and Browser","details":"@std/toml is the Deno Standard Library. Prior to version 1.0.9, an attacker can pollute the prototype chain in Node.js runtime and Browser when parsing untrusted TOML data, thus achieving Prototype Pollution (PP) vulnerability. This is because the library is merging an untrusted object with an empty object, which by default the empty object has the prototype chain. This issue has been patched in version 1.0.9.","aliases":["GHSA-crjp-8r9q-2j9r"],"modified":"2026-04-10T05:29:50.970884Z","published":"2025-08-14T16:39:28.158Z","database_specific":{"cwe_ids":["CWE-1321"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/55xxx/CVE-2025-55195.json","cna_assigner":"GitHub_M"},"references":[{"type":"WEB","url":"https://github.com/denoland/std/releases/tag/release-2025.08.13"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/55xxx/CVE-2025-55195.json"},{"type":"ADVISORY","url":"https://github.com/denoland/std/security/advisories/GHSA-crjp-8r9q-2j9r"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55195"},{"type":"FIX","url":"https://github.com/denoland/std/commit/540662cfd6d71e969af292aa604ef4049dbe271b"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/denoland/std","events":[{"introduced":"0"},{"fixed":"540662cfd6d71e969af292aa604ef4049dbe271b"}]},{"type":"GIT","repo":"https://github.com/denoland/std","events":[{"introduced":"0"},{"fixed":"6b92bffee72806ce03857e83eb1d52108ad099a0"}]}],"versions":["0.100.0","0.101.0","0.102.0","0.103.0","0.104.0","0.105.0","0.106.0","0.107.0","0.108.0","0.109.0","0.110.0","0.111.0","0.112.0","0.113.0","0.114.0","0.115.0","0.115.1","0.116.0","0.117.0","0.118.0","0.119.0","0.120.0","0.121.0","0.122.0","0.123.0","0.124.0","0.125.0","0.126.0","0.127.0","0.128.0","0.129.0","0.130.0","0.131.0","0.132.0","0.133.0","0.134.0","0.135.0","0.136.0","0.137.0","0.138.0","0.140.0","0.141.0","0.142.0","0.143.0","0.144.0","0.145.0","0.146.0","0.147.0","0.148.0","0.149.0","0.150.0","0.151.0","0.152.0","0.153.0","0.154.0","0.155.0","0.156.0","0.157.0","0.158.0","0.159.0","0.160.0","0.161.0","0.162.0","0.163.0","0.164.0","0.165.0","0.166.0","0.167.0","0.168.0","0.169.0","0.170.0","0.171.0","0.172.0","0.173.0","0.174.0","0.175.0","0.176.0","0.177.0","0.178.0","0.179.0","0.180.0","0.181.0","0.182.0","0.183.0","0.184.0","0.185.0","0.186.0","0.187.0","0.188.0","0.189.0","0.190.0","0.191.0","0.192.0","0.193.0","0.194.0","0.195.0","0.196.0","0.197.0","0.198.0","0.199.0","0.200.0","0.201.0","0.202.0","0.203.0","0.204.0","0.205.0","0.206.0","0.207.0","0.208.0","0.209.0","0.210.0","0.211.0","0.212.0","0.213.0","0.214.0","0.215.0","0.216.0","0.217.0","0.218.0","0.218.2","0.219.0","0.219.1","0.220.0","0.220.1","0.221.0","0.222.0","0.222.1","0.223.0","0.224.0","0.224.1-a","0.85.0","0.86.0","0.87.0","0.88.0","0.89.0","0.90.0","0.91.0","0.92.0","0.93.0","0.94.0","0.95.0","0.96.0","0.97.0","0.98.0","0.99.0","20190516","20190520","release-2024.05.07","release-2024.05.16","release-2024.05.22","release-2024.05.29","release-2024.06.03","release-2024.06.06","release-2024.06.12","release-2024.06.17","release-2024.06.21","release-2024.06.26","release-2024.07.02","release-2024.07.09","release-2024.07.12","release-2024.07.19","release-2024.07.26","release-2024.08.02","release-2024.08.05","release-2024.08.07","release-2024.08.07a","release-2024.08.16","release-2024.08.26","release-2024.09.04","release-2024.09.12","release-2024.09.12a","release-2024.09.16","release-2024.09.24","release-2024.10.10","release-2024.10.10a","release-2024.10.24","release-2024.11.01","release-2024.11.13","release-2024.11.22","release-2024.11.25","release-2024.12.06","release-2024.12.18","release-2024.12.20","release-2025.01.10","release-2025.01.22","release-2025.01.31","release-2025.02.14","release-2025.02.14a","release-2025.03.04","release-2025.03.25","release-2025.04.08","release-2025.04.24","release-2025.05.13","release-2025.05.27","release-2025.05.30","release-2025.06.12","release-2025.07.01","release-2025.07.22","release-2025.07.29","start-jsr","v0.1.11","v0.1.12","v0.10.0","v0.11.0","v0.12.0","v0.15.0","v0.16.0","v0.17.0","v0.18.0","v0.19.0","v0.2.0","v0.2.1","v0.2.10","v0.2.11","v0.2.2","v0.2.3","v0.2.4","v0.2.5","v0.2.6","v0.2.7","v0.2.8","v0.2.9","v0.20.0","v0.3.0","v0.3.1","v0.3.10","v0.3.2","v0.3.3","v0.3.4","v0.3.5","v0.3.6","v0.3.8","v0.4.0","v0.5.0","v0.6.0","v0.7.0","v0.8.0","v0.9.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-55195.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}]}