apidoc-core Prototype Pollution Vulnerability Allowing Remote Attackers to Modify Object Prototypes
Vulnerability
A prototype pollution vulnerability exists in apidoc-core versions 0.2.0 and later. This vulnerability allows remote attackers to alter JavaScript object prototypes by sending malformed data structures. The 'define' property, which is processed by the application, can be targeted, potentially causing a denial of service or unintended behavior in applications that depend on the integrity of prototype chains. The vulnerability impacts the preProcess() function within the api_group.js, api_param_title.js, api_use.js, and api_permission.js worker modules.
Impact
Exploitation of this vulnerability can lead to prototype pollution, allowing for the modification of JavaScript object prototypes. This can cause denial of service or unintended behavior in applications that rely on the integrity of prototype chains.
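The general pattern behind this class of bug, shown next to a hardened form, as an added JavaScript example that is not apidoc-core's own code. The function names, the `name` and `version` fields, and the sample input are assumptions made for illustration.

```javascript
// Simplified model of a preprocessing step that indexes parsed "define"
// blocks by name and version. Hypothetical names; not apidoc-core's code.

// Vulnerable pattern: parsed values are used as property names on plain objects.
function indexDefinesUnsafe(blocks) {
  const registry = {};
  for (const block of blocks) {
    const { name, version } = block.define;
    // For name "__proto__", registry[name] resolves to Object.prototype ...
    if (!registry[name]) registry[name] = {};
    // ... so this assignment lands on the prototype shared by every object.
    registry[name][version] = block.define;
  }
  return registry;
}

// Hardened pattern: reject prototype-related keys and use prototype-less maps.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
function safeKey(key) {
  if (typeof key !== 'string' || FORBIDDEN_KEYS.has(key)) {
    throw new TypeError('rejected key: ' + String(key));
  }
  return key;
}
function indexDefinesSafe(blocks) {
  const registry = Object.create(null);
  for (const block of blocks) {
    const name = safeKey(block.define.name);
    const version = safeKey(block.define.version);
    if (!registry[name]) registry[name] = Object.create(null);
    registry[name][version] = block.define;
  }
  return registry;
}

// Constructed input: one ordinary block and one named after a prototype key.
const SAMPLE = [
  { define: { name: 'AdminGroup', version: '1.0.0', title: 'Admins' } },
  { define: { name: '__proto__', version: 'pollutedMarker', title: 'x' } },
];

// Runs an indexer on SAMPLE, reports whether a fresh object inherited the
// marker, then removes the marker so the check leaves no side effects.
function pollutes(indexFn) {
  try { indexFn(SAMPLE); } catch (e) { /* input rejected by the hardened form */ }
  const polluted = 'pollutedMarker' in {};
  delete Object.prototype.pollutedMarker;
  return polluted;
}
console.log('unsafe:', pollutes(indexDefinesUnsafe), 'safe:', pollutes(indexDefinesSafe));
```

The `pollutes` check can also serve as a regression test after upgrading or patching: a fresh `{}` must not gain properties after untrusted input is processed.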
