QwikSec

Security Database

CVE

CWE

Training

CVE-2025-57820

Published: Aug 26, 2025

Modified: Aug 27, 2025

PUBLISHED

Description

Svelte devalue is a utility library. Prior to version 5.3.2, a string passed to devalue.parse could represent an object with a __proto__ property and devalue.parse does not check that an index is numeric. This could result in assigning prototypes to objects and properties, leading to prototype pollution. This issue has been fixed in version 5.3.2

Vendor	Product	Versions
sveltejs	devalue	affected `< 5.3.2`

Weaknesses (CWE)

References

https://github.com/sveltejs/devalue/security/advisories/GHSA-vj54-72f3-p5jv

x_refsource_CONFIRM

https://github.com/sveltejs/devalue/commit/0623a47c9555b639c03ff1baea82951b2d9d1132

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.