CVE-2025-63704
CriticalSummary
The NPM package query-parser-string version 1.0.0 is vulnerable to Prototype Pollution. The package does not properly sanitize user supplied query parameters and merges them to the newly created object.
Risk Assessment
This vulnerability may lead to unauthorized access to data or manipulation of objects within the application, potentially affecting system integrity.
Recommendation
It is recommended to update the package to the latest version that fixes this vulnerability and to implement additional validation and sanitization mechanisms for input data.
Original NVD description (English source)
NPM package query-parser-string 1.0.0 is vulnerable to Prototype Pollution. The package does not properly sanitize user supplied query parameters and merges them to the newly created object.

