Impact
The vulnerability resides in the setNestedValue function of the antv layout library. An attacker can craft a malicious path argument, causing the function to alter the prototype chain of objects. This prototype pollution can lead to unintended changes in object behaviour and, in some cases, code execution or denial of service.
Affected Systems
The issue affects antv layout version 2.0.0, the JavaScript library released for data visualization and chart layout.
Risk and Exploitability
The CVSS score is 5.3, categorising the flaw as moderate risk. EPSS data is not available, and the vulnerability is not listed in the CISA KEV catalogue. Although an attack can be launched remotely by supplying a crafted path, no publicly available exploit or proof‑of‑concept has been reported, suggesting limited exploitation likelihood at present.
OpenCVE Enrichment