Primary

Context

toggle-array Prototype Pollution Vulnerability Allowing Denial-of-Service

Vulnerability

A prototype pollution vulnerability has been identified in the toggle-array package, specifically in versions through 1.0.1. This vulnerability allows attackers to inject properties into Object.prototype by sending a crafted payload. The exploitation of this vulnerability can lead to a denial-of-service condition, at a minimum.

Impact

Exploitation of this vulnerability causes a denial-of-service condition by injecting properties into Object.prototype, which can disrupt the normal operation of the application.

Reproduction

The vulnerability can be reproduced by using the toggle-array package in a version prior to 1.0.1. After importing the package, the enable or disable function can be called with a crafted payload that targets Object.prototype. This injection can then be exploited to cause a denial-of-service condition.

Added: Sep 24, 2025, 10:05 PM

Updated: Sep 24, 2025, 10:05 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.7

remediation

0.0

relevance

0.6

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.7

remediation

0.0

relevance

0.6

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

toggle-array Prototype Pollution Vulnerability Allowing Denial-of-Service

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating