Sign In

CVE-2026-30226

ADVISORY - github

Summary

In devalue v5.6.3, devalue.parse and devalue.unflatten were susceptible to prototype pollution via maliciously crafted payloads. Successful exploitation could lead to Denial of Service (DoS) or type confusion.

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-1321

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

ADVISORY - github

CWE-1321

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Impacted images

Advisories
Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.

Sign in