Search

Find a vulnerability

Search criteria

    1 vulnerability found for layout by antv

    CVE-2026-15598 (GCVE-0-2026-15598)

    Vulnerability from cvelistv5 – Published: 2026-07-13 22:00 – Updated: 2026-07-13 22:00
    VLAI
    Title
    antv layout object.js setNestedValue prototype pollution
    Summary
    A weakness has been identified in antv layout 2.0.0. This impacts the function setNestedValue in the library lib/util/object.js. Executing a manipulation of the argument path can lead to improperly controlled modification of object prototype attributes. The attack can be launched remotely. The project was informed of the problem early through an issue report but has not responded yet.
    CWE
    • CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes
    • CWE-94 - Code Injection
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/378113 vdb-entrytechnical-description
    https://vuldb.com/vuln/378113/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-15598 third-party-advisory
    https://vuldb.com/submit/855637 third-party-advisory
    https://github.com/antvis/layout/issues/292 issue-tracking
    Impacted products
    Vendor Product Version
    antv layout Affected: 2.0.0
        cpe:2.3:a:antv:layout:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Dremig (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:antv:layout:*:*:*:*:*:*:*:*"
              ],
              "product": "layout",
              "vendor": "antv",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Dremig (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weakness has been identified in antv layout 2.0.0. This impacts the function setNestedValue in the library lib/util/object.js. Executing a manipulation of the argument path can lead to improperly controlled modification of object prototype attributes. The attack can be launched remotely. The project was informed of the problem early through an issue report but has not responded yet."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1321",
                  "description": "Improperly Controlled Modification of Object Prototype Attributes",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "Code Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-13T22:00:11.338Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-378113 | antv layout object.js setNestedValue prototype pollution",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/378113"
            },
            {
              "name": "VDB-378113 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/378113/cti"
            },
            {
              "name": "CVE-2026-15598 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-15598"
            },
            {
              "name": "Submit #855637 | Node.js @antv/layout 2.0.0 Prototype Pollution",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/855637"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/antvis/layout/issues/292"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-13T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-13T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-13T16:13:50.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "antv layout object.js setNestedValue prototype pollution"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-15598",
        "datePublished": "2026-07-13T22:00:11.338Z",
        "dateReserved": "2026-07-13T14:08:46.995Z",
        "dateUpdated": "2026-07-13T22:00:11.338Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }