CVE-2025-65587 | flash-oss graphql-upload-minimal 1.6.1 processRequest operations.variables prototype pollution (ID 907705)

Inserito da Angelo Barbosa | Mar 13, 2026 | CVE

A vulnerability marked as critical has been reported in flash-oss graphql-upload-minimal 1.6.1. Affected by this vulnerability is the function processRequest. Performing a manipulation of the argument operations.variables results in improperly controlled modification of object prototype attributes.

This vulnerability was named CVE-2025-65587. The attack may be initiated remotely. There is no available exploit.

CVE-2025-65587 | flash-oss graphql-upload-minimal 1.6.1 processRequest operations.variables prototype pollution (ID 907705)

Post correlati

CVE-2026-27195 | bytecodealliance wasmtime up to 40.0.3/41.0.3 exceptional condition

CVE-2024-24877 | Magic Hills Pty Wonder Slider Lite Plugin up to 13.9 on WordPress cross site scripting

CVE-2024-21896 | Node.js up to 20.11.0/21.6.1 Experimental Permission Model path traversal

CVE-2024-11023 | Firebase JavaScript SDK up to 10.8.x Cookie _authTokenSyncURL cross site scripting