{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-07T13:21:45.241","vulnerabilities":[{"cve":{"id":"CVE-2025-57328","sourceIdentifier":"cve@mitre.org","published":"2025-09-24T20:15:32.540","lastModified":"2025-10-20T16:50:08.890","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"toggle-array is a package designed to enables a property on the object at the specified index, while disabling the property on all other objects. A Prototype Pollution vulnerability in the enable and disable function of toggle-array v1.0.1 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence."},{"lang":"es","value":"toggle-array es un paquete diseñado para habilitar una propiedad en el objeto en el índice especificado, mientras deshabilita la propiedad en todos los demás objetos. Una vulnerabilidad de Contaminación de Prototipos en las funciones enable y disable de toggle-array v1.0.1 y versiones anteriores permite a los atacantes inyectar propiedades en Object.prototype mediante el suministro de una carga útil manipulada, causando denegación de servicio (DoS) como consecuencia mínima."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-1321"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jonschlinkert:toggle-array:*:*:*:*:*:node.js:*:*","versionEndIncluding":"1.0.1","matchCriteriaId":"E6309A46-01DD-4C36-880C-AFCD82E5D982"}]}]}],"references":[{"url":"https://github.com/VulnSageAgent/PoCs/blob/main/JavaScript/prototype-pollution/toggle-array%401.0.1/index.js","source":"cve@mitre.org","tags":["Broken Link"]},{"url":"https://github.com/VulnSageAgent/PoCs/tree/main/JavaScript/prototype-pollution/CVE-2025-57328","source":"cve@mitre.org","tags":["Third Party Advisory"]}]}}]}