Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:npm/node-cube@5.0.0-beta.19

Type npm

Namespace

Name node-cube

Version 5.0.0-beta.19

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 5.0.0-beta.20

Latest_non_vulnerable_version 5.0.0-beta.20

Affected_by_vulnerabilities

url VCID-2qc3-gqy4-z7ax

vulnerability_id VCID-2qc3-gqy4-z7ax

summary The node-cube package (prior to version 5.0.0) contains a vulnerability in its handling of prototype chain initialization, which could allow an attacker to inject properties into the prototype of built-in objects. This issue, categorized under CWE-1321, arises from improper validation of user-supplied input in the package's resource initialization process. Successful exploitation may lead to denial of service or arbitrary code execution in affected environments. The vulnerability affects versions up to and including 5.0.0-beta.19, and no official fix has been released to date.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-57348

reference_id

reference_type

scores

value	0.0033
scoring_system	epss
scoring_elements	0.56349
published_at	2026-06-11T12:55:00Z

value	0.0033
scoring_system	epss
scoring_elements	0.56468
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-57348

reference_url

https://github.com/node-cube/cube

reference_id

reference_type

scores

value	2.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/node-cube/cube

reference_url

https://github.com/node-cube/cube/issues/153

reference_id

153

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

value	2.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-25T18:28:13Z/

url

https://github.com/node-cube/cube/issues/153

reference_url

https://github.com/VulnSageAgent/PoCs/tree/main/JavaScript/prototype-pollution/CVE-2025-57348

reference_id

CVE-2025-57348

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

value	2.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-25T18:28:13Z/

url

https://github.com/VulnSageAgent/PoCs/tree/main/JavaScript/prototype-pollution/CVE-2025-57348

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-57348

reference_id

CVE-2025-57348

reference_type

scores

value	2.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-57348

reference_url

https://github.com/advisories/GHSA-8v65-5fw5-23wj

reference_id

GHSA-8v65-5fw5-23wj

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8v65-5fw5-23wj

fixed_packages

url	pkg:npm/node-cube@5.0.0-beta.20
purl	pkg:npm/node-cube@5.0.0-beta.20
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/node-cube@5.0.0-beta.20

aliases CVE-2025-57348, GHSA-8v65-5fw5-23wj

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2qc3-gqy4-z7ax

Fixing_vulnerabilities

Risk_score 3.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/node-cube@5.0.0-beta.19

Package Instance