Components
Vulnerabilities
Pricing
MCP
API
Docs
Sign up
Login
org.mvnpm.at.trpc/server 11.7.1 | Vulnerab… | Sonatype Guide
maven
org.mvnpm.at.trpc
server
11.7.1
server 11.7.1
Latest
org.mvnpm.at.trpc
Published
Nov 5, 2025
•
Policy
compliance
maven Registry
Developer Trust Score
N/A
Recommended Version:
x.y.z
Latest version with 0 known vulnerabilities that meets your policy.
Compare Versions
Overview
Overview
Versions
1
Versions
1
Vulnerabilities
1
Vulnerabilities
1
Dependencies
1
Dependencies
1
Reset filters
Severity
Critical
(0)
High
(1)
Medium
(0)
Low
(0)
CVSS Score
0.0
10.0
EPSS Score
0.0
1.0
Malware
KEV Status
Published
Filter
Sort: Published (Newest first)
7.2
CVE-2025-68130
tRPC allows users to build and consume fully typesafe APIs without schemas or code generation. Starting in version 10.27.0 and prior to versions 10.45.3 and 11.8.0, a A prototype pollution vulnerability exists in `@trpc/server`'s `formDataToObject` function, which is used by the Next.js App Router adapter. An attacker can pollute `Object.prototype` by submitting specially crafted FormData field names, potentially leading to authorization bypass, denial of service, or other security impacts. Note that this vulnerability is only present when using `experimental_caller` / `experimental_nextAppDirCaller`. Versions 10.45.3 and 11.8.0 fix the issue.
affected
Severity
High
Published
Dec 17, 2025
