Style Dictionary
1 CVEs
product
Monthly
{ output: 'object' })`, the Expand API, and the transform lifecycle, and is most dangerous when Style Dictionary runs inside a Node.js server that ingests untrusted tokens. No public exploit identified at time of analysis and CISA has not listed it in KEV.
Prototype Pollution
Information Disclosure
Style Dictionary
NVD
GitHub
CVSS 3.1
8.8
EPSS
0.1%
EPSS 0%
CVSS 8.8
HIGH
PATCH
This Week
{ output: 'object' })`, the Expand API, and the transform lifecycle, and is most dangerous when Style Dictionary runs inside a Node.js server that ingests untrusted tokens. No public exploit identified at time of analysis and CISA has not listed it in KEV.
Prototype Pollution
Information Disclosure
Style Dictionary
NVD
GitHub