CVE-2025-3197 | expand-object index.js expand prototype pollution (SNYK-JS-EXPANDOBJECT-5821390)
A vulnerability was found in expand-object. It has been declared as critical. This vulnerability affects the function expand of the file index.js. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution').
This vulnerability was named CVE-2025-3197. The attack can be initiated remotely. There is no exploit available.