Description
mpregular is a package that provides a small program development framework based on RegularJS. A Prototype Pollution vulnerability in the mp.addEventHandler function of mpregular version 0.2.0 and before allows attackers to inject properties on Object.
Recommendation
No fix is available yet. Followings are affected versions:
- <= 0.2.0
References
Related Issues
- ReDoS Vulnerability in ua-parser-js version - CVE-2022-25927
- DOMPurify allows Cross-site Scripting (XSS) - CVE-2025-26791
- lite-server vulnerable to Denial of Service - CVE-2022-25940
- Manifest Uses a One-Way Hash without a Salt - CVE-2025-27408
- Tags:
- npm
- mpregular
Anything's wrong? Let us know Last updated on September 25, 2025