Bun has an Application-level Prototype Pollution vulnerability in the runtime native API for Glo
- Severity:
- Medium
Description
Versions of the package bun before 1.1.30 are vulnerable to Prototype Pollution due to improper input sanitization. An attacker can exploit this vulnerability through Bun’s APIs that accept objects.
Recommendation
Update the bun package to the latest compatible version. Followings are version details:
- Affected version(s): > 0.0.12, < 1.1.30
- Patched version(s): 1.1.30
References
Related Issues
- vue-i18n has cross-site scripting vulnerability with prototype pollution (GHSA-9r9m-ffp6-9x4v) 2 - CVE-2024-52809
- vue-i18n has cross-site scripting vulnerability with prototype pollution (GHSA-9r9m-ffp6-9x4v) - CVE-2024-52809
- vue-i18n has cross-site scripting vulnerability with prototype pollution (GHSA-9r9m-ffp6-9x4v) 4 - CVE-2024-52809
- vue-i18n has cross-site scripting vulnerability with prototype pollution (GHSA-9r9m-ffp6-9x4v) 3 - CVE-2024-52809
- Tags:
- npm
- bun
Anything's wrong? Let us know Last updated on July 24, 2025