A vulnerability was found in svgdotjs svg.js up to 3.2.5. This affects the function EventTarget.on of the file svgdotjs/svg.js of the component npm Package API. Performing a manipulation results in improperly controlled modification of object prototype attributes. The attack may be initiated remotely. The project was informed of the problem early through an issue report but has not responded yet.
Metrics
Affected Vendors & Products
References
History
Tue, 14 Jul 2026 15:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A vulnerability was found in svgdotjs svg.js up to 3.2.5. This affects the function EventTarget.on of the file svgdotjs/svg.js of the component npm Package API. Performing a manipulation results in improperly controlled modification of object prototype attributes. The attack may be initiated remotely. The project was informed of the problem early through an issue report but has not responded yet. | |
| Title | svgdotjs svg.js npm Package API EventTarget.on prototype pollution | |
| First Time appeared |
Svgdotjs
Svgdotjs svg.js |
|
| Weaknesses | CWE-1321 CWE-94 |
|
| CPEs | cpe:2.3:a:svgdotjs:svg.js:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Svgdotjs
Svgdotjs svg.js |
|
| References |
| |
| Metrics |
cvssV2_0
|
Status: PUBLISHED
Assigner: VulDB
Published:
Updated: 2026-07-14T15:15:09.763Z
Reserved: 2026-07-14T05:01:41.727Z
Link: CVE-2026-15697
No data.
No data.
No data.
OpenCVE Enrichment
No data.