2397978 – (CVE-2025-57319) CVE-2025-57319 fast-redact: fast-redact prototype pollution

Bug 2397978 (CVE-2025-57319) - CVE-2025-57319 fast-redact: fast-redact prototype pollution

Summary: CVE-2025-57319 fast-redact: fast-redact prototype pollution

Keywords:
Status:	NEW
Alias:	CVE-2025-57319
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-09-24 21:02 UTC by OSIDB Bzimport
Modified:	2026-01-03 08:28 UTC (History)
CC List:	52 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-09-24 21:02:10 UTC

fast-redact is a package that provides do very fast object redaction. A Prototype Pollution vulnerability in the nestedRestore function of fast-redact version 3.5.0 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence.

Note You need to log in before you can comment on or make changes to this bug.

aarif
abarbaro
alcohan
aprice
chfoley
dbosanac
dhanak
drosa
dsimansk
gparvin
haoli
hkataria
jajackso
jbalunas
jcammara
jchui
jhe
jkoehler
jmitchel
jneedle
jreimann
kegrant
kingland
koliveir
kshier
ktsao
kverlaen
lphiri
mabashia
matzew
mdessi
mnovotny
mpierce
mrizzi
nboldt
owatkins
pahickey
pbraun
pcattana
psrna
rhaigner
sausingh
sdawley
shvarugh
simaishi
smcdonal
stcannon
swoodman
teagle
tfister
thavo
yguenane