CVE-2025-32014
estree-util-value-to-estree converts a JavaScript value to an ESTree expression. When generating an ESTree from a value with a property named __proto__, valueToEstree would generate an object that specifies a prototype instead. This vulnerability is fixed in 3.3.3.
Open
LOW (0.7)
System detected CVE-2025-32014
System
System
System
System
System updated the risk assessment from 0 to 0.67
System recalculated raw risk assessment
System updated the risk assessment from 0.67 to 1.35
System recalculated raw risk assessment
System fixed CVE-2025-32014
System detected CVE-2025-32014 with a risk of 0.67
Add a comment
Last calculated at:
Affected component
estree-util-value-to-estree
Quick Fix
Update all Dependencies
Update only estree-util-value-to-estree