Common Weakness Enumeration

CWE-1321

Allowed

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Abstraction: Variant · Status: Incomplete

The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.

783 vulnerabilities reference this CWE, most recent first.

GHSA-VRFH-PH2R-GXR9

Vulnerability from github – Published: 2025-02-06 06:31 – Updated: 2025-02-06 15:32
VLAI
Details

A prototype pollution in the lib.post function of ajax-request v1.2.3 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-57076"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321",
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-05T22:15:31Z",
    "severity": "HIGH"
  },
  "details": "A prototype pollution in the lib.post function of ajax-request v1.2.3 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.",
  "id": "GHSA-vrfh-ph2r-gxr9",
  "modified": "2025-02-06T15:32:52Z",
  "published": "2025-02-06T06:31:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57076"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/tariqhawis/c432b93ee7d967c2e65bc1bf39241664"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VRR3-5R3V-7XFW

Vulnerability from github – Published: 2021-05-17 21:00 – Updated: 2023-09-13 19:52
VLAI
Summary
Improperly Controlled Modification of Dynamically-Determined Object Attributes in casperjs
Details

Overview

casperjs is a navigation scripting & testing utility for PhantomJS and SlimerJS.

Affected versions of this package are vulnerable to Prototype Pollution via the mergeObjects utility function.

PoC

var payload = JSON.parse('{"__proto__": {"a": "pwned"}}');
mergeObjects({}, payload);
console.log({}.a); // prints "pwned"
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "casperjs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "1.1.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-7679"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321",
      "CWE-915"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-05-11T22:26:54Z",
    "nvd_published_at": "2020-06-19T11:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Overview\ncasperjs is a navigation scripting \u0026 testing utility for PhantomJS and SlimerJS.\n\nAffected versions of this package are vulnerable to Prototype Pollution via the mergeObjects utility function.\n\n### PoC\n```js\nvar payload = JSON.parse(\u0027{\"__proto__\": {\"a\": \"pwned\"}}\u0027);\nmergeObjects({}, payload);\nconsole.log({}.a); // prints \"pwned\"\n```",
  "id": "GHSA-vrr3-5r3v-7xfw",
  "modified": "2023-09-13T19:52:14Z",
  "published": "2021-05-17T21:00:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7679"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/casperjs/casperjs"
    },
    {
      "type": "WEB",
      "url": "https://github.com/casperjs/casperjs/blob/master/modules/utils.js%23L680"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-572804"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-JS-CASPERJS-572803"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Improperly Controlled Modification of Dynamically-Determined Object Attributes in casperjs"
}

GHSA-VRW9-G62V-7FMF

Vulnerability from github – Published: 2025-09-24 18:30 – Updated: 2026-01-27 21:06
VLAI
Summary
CSVTOJSON has a prototype pollution vulnerability
Details

The csvtojson package, a tool for converting CSV data to JSON with customizable parsing capabilities, contains a prototype pollution vulnerability in versions prior to 2.0.10. This issue arises due to insufficient sanitization of nested header names during the parsing process in the parser_jsonarray component. When processing CSV input containing specially crafted header fields that reference prototype chains (e.g., using proto syntax), the application may unintentionally modify properties of the base Object prototype. This vulnerability can lead to denial of service conditions or unexpected behavior in applications relying on unmodified prototype chains, particularly when untrusted CSV data is processed. The flaw does not require user interaction beyond providing a maliciously constructed CSV file.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "csvtojson"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.0.13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-57350"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-09-24T20:10:59Z",
    "nvd_published_at": "2025-09-24T18:15:41Z",
    "severity": "MODERATE"
  },
  "details": "The csvtojson package, a tool for converting CSV data to JSON with customizable parsing capabilities, contains a prototype pollution vulnerability in versions prior to 2.0.10. This issue arises due to insufficient sanitization of nested header names during the parsing process in the parser_jsonarray component. When processing CSV input containing specially crafted header fields that reference prototype chains (e.g., using __proto__ syntax), the application may unintentionally modify properties of the base Object prototype. This vulnerability can lead to denial of service conditions or unexpected behavior in applications relying on unmodified prototype chains, particularly when untrusted CSV data is processed. The flaw does not require user interaction beyond providing a maliciously constructed CSV file.",
  "id": "GHSA-vrw9-g62v-7fmf",
  "modified": "2026-01-27T21:06:02Z",
  "published": "2025-09-24T18:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-57350"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Keyang/node-csvtojson/issues/498"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Keyang/node-csvtojson/issues/502"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Keyang/node-csvtojson/commit/4caeebd13b67be63282a7bbed3ca0cf9813f4bfc"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/Keyang/node-csvtojson"
    },
    {
      "type": "WEB",
      "url": "https://github.com/VulnSageAgent/PoCs/tree/main/JavaScript/prototype-pollution/CVE-2025-57350"
    },
    {
      "type": "WEB",
      "url": "https://security.snyk.io/vuln/SNYK-JS-CSVTOJSON-13109616"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "CSVTOJSON has a prototype pollution vulnerability"
}

GHSA-VVV8-XW5F-3F88

Vulnerability from github – Published: 2022-06-18 00:00 – Updated: 2022-06-20 22:33
VLAI
Summary
Prototype Pollution in mout
Details

This affects all versions of package mout. The deepFillIn function can be used to 'fill missing properties recursively', while the deepMixIn mixes objects into the target object, recursively mixing existing child objects as well. In both cases, the key used to access the target object recursively is not checked, leading to exploiting this vulnerability. Note: This vulnerability derives from an incomplete fix of CVE-2020-7792.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.2.3"
      },
      "package": {
        "ecosystem": "npm",
        "name": "mout"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.2.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-21213"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-06-20T22:33:58Z",
    "nvd_published_at": "2022-06-17T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "This affects all versions of package mout. The deepFillIn function can be used to \u0027fill missing properties recursively\u0027, while the deepMixIn mixes objects into the target object, recursively mixing existing child objects as well. In both cases, the key used to access the target object recursively is not checked, leading to exploiting this vulnerability. **Note:** This vulnerability derives from an incomplete fix of [CVE-2020-7792](https://security.snyk.io/vuln/SNYK-JS-MOUT-1014544).",
  "id": "GHSA-vvv8-xw5f-3f88",
  "modified": "2022-06-20T22:33:58Z",
  "published": "2022-06-18T00:00:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21213"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mout/mout/pull/279"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mout/mout/commit/17ffdc2a96417a63a0147156dc045e90d0d14c64"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/mout/mout"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mout/mout/blob/master/src/object/deepFillIn.js"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mout/mout/blob/master/src/object/deepMixIn.js"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-JS-MOUT-2342654"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Prototype Pollution in mout"
}

GHSA-VWHQ-PM3R-FJM9

Vulnerability from github – Published: 2022-09-16 00:00 – Updated: 2022-09-21 21:08
VLAI
Summary
steal vulnerable to Prototype Pollution via key variable in babel.js
Details

Prototype pollution vulnerability in function extend in babel.js in stealjs steal via the key variable in babel.js.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "steal"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "2.3.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-37266"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-09-21T21:08:01Z",
    "nvd_published_at": "2022-09-15T13:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Prototype pollution vulnerability in function extend in babel.js in stealjs steal via the key variable in babel.js.",
  "id": "GHSA-vwhq-pm3r-fjm9",
  "modified": "2022-09-21T21:08:01Z",
  "published": "2022-09-16T00:00:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37266"
    },
    {
      "type": "WEB",
      "url": "https://github.com/stealjs/steal/issues/1535"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/stealjs/steal"
    },
    {
      "type": "WEB",
      "url": "https://github.com/stealjs/steal/blob/c9dd1eb19ed3f97aeb93cf9dcea5d68ad5d0ced9/ext/babel.js#L29165"
    },
    {
      "type": "WEB",
      "url": "https://github.com/stealjs/steal/blob/c9dd1eb19ed3f97aeb93cf9dcea5d68ad5d0ced9/ext/babel.js#L29169"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "steal vulnerable to Prototype Pollution via key variable in babel.js"
}

GHSA-VWQG-8V6M-FH9W

Vulnerability from github – Published: 2022-05-24 16:58 – Updated: 2022-12-02 21:30
VLAI
Details

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the UpgradeWizard module by an Admin user.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-17317"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-10-07T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the UpgradeWizard module by an Admin user.",
  "id": "GHSA-vwqg-8v6m-fh9w",
  "modified": "2022-12-02T21:30:46Z",
  "published": "2022-05-24T16:58:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17317"
    },
    {
      "type": "WEB",
      "url": "https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2019-044"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VWRP-X96C-MHWQ

Vulnerability from github – Published: 2026-05-07 04:07 – Updated: 2026-05-14 20:36
VLAI
Summary
vm2: Mutable Proxies for Host Intrinsic Prototypes Allows Sandbox Escape
Details

Summary

vm2's bridge exposes mutable proxies for real host-realm intrinsic prototypes and then forwards sandbox writes into the underlying host objects with otherReflectSet() and otherReflectDefineProperty(), which lets attacker-controlled JavaScript running in a default VM or inherited NodeVM mutate shared host Object.prototype, Array.prototype, and Function.prototype from inside the sandbox.

Details

BaseHandler.apply() unwraps sandbox-controlled receivers and arguments with otherFromThis() / otherFromThisArguments() and then directly invokes the real host function with ret = otherReflectApply(object, context, args), so any default-exposed host function that can surface a prototype getter becomes a prototype-walking primitive (lib/bridge.js:665-676). BaseHandler.get() special-cases proto and returns the host-side descriptor or proxy target prototype, which is enough for the attacker to reuse the host lookupGetter('proto') accessor repeatedly until the walk lands on host Object.prototype, Array.prototype, or Function.prototype (lib/bridge.js:590-616). Once the attacker has a proxy to a host intrinsic prototype, BaseHandler.set() performs value = otherFromThis(value); return otherReflectSet(object, key, value) === true;, which writes attacker-controlled data directly into the shared host object instead of keeping the mutation sandbox-local; BaseHandler.defineProperty() repeats the same design at otherReflectDefineProperty(object, prop, otherDesc) for descriptor-based writes (lib/bridge.js:641-649, lib/bridge.js:753-774). Existing validation does not stop the attack because the constructor filter only blocks one dangerous-property access pattern, setPrototypeOf() only blocks prototype replacement rather than ordinary property assignment, and containsDangerousConstructor() only protects one later re-unwrapping path instead of the initial host-prototype write sink (lib/bridge.js:494-530, lib/bridge.js:595-610, lib/bridge.js:660-662).

PoC

Run the following code snippet and observe that the value of vm2EscapeMarker is polluted:

const { VM } = require('vm2');
const vm = new VM();
vm.run(`
  const g = ({}).__lookupGetter__;
  const a = Buffer.apply;
  const p = a.apply(g, [Buffer, ['__proto__']]);
  const hostObjectProto = p.call(p.call(p.call(p.call(Buffer.of()))));
  hostObjectProto.vm2EscapeMarker = 'polluted-object-prototype';
`);
console.log({}.vm2EscapeMarker)

Impact

Sandbox escape and prototype pollution.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 3.10.5"
      },
      "package": {
        "ecosystem": "npm",
        "name": "vm2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.9.6"
            },
            {
              "fixed": "3.11.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-44005"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321",
      "CWE-94"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-07T04:07:05Z",
    "nvd_published_at": "2026-05-13T18:16:17Z",
    "severity": "CRITICAL"
  },
  "details": "### Summary\nvm2\u0027s bridge exposes mutable proxies for real host-realm intrinsic prototypes and then forwards sandbox writes into the underlying host objects with otherReflectSet() and otherReflectDefineProperty(), which lets attacker-controlled JavaScript running in a default VM or inherited NodeVM mutate shared host Object.prototype, Array.prototype, and Function.prototype from inside the sandbox.\n\n### Details\nBaseHandler.apply() unwraps sandbox-controlled receivers and arguments with otherFromThis() / otherFromThisArguments() and then directly invokes the real host function with ret = otherReflectApply(object, context, args), so any default-exposed host function that can surface a prototype getter becomes a prototype-walking primitive ([lib/bridge.js:665-676](https://github.com/patriksimek/vm2/blob/408fc855f1cc1bbc2985b029465ee0e732ada433/lib/bridge.js#L665-L676)). BaseHandler.get() special-cases __proto__ and returns the host-side descriptor or proxy target prototype, which is enough for the attacker to reuse the host __lookupGetter__(\u0027__proto__\u0027) accessor repeatedly until the walk lands on host Object.prototype, Array.prototype, or Function.prototype ([lib/bridge.js:590-616](https://github.com/patriksimek/vm2/blob/408fc855f1cc1bbc2985b029465ee0e732ada433/lib/bridge.js#L590-L616)). Once the attacker has a proxy to a host intrinsic prototype, BaseHandler.set() performs value = otherFromThis(value); return otherReflectSet(object, key, value) === true;, which writes attacker-controlled data directly into the shared host object instead of keeping the mutation sandbox-local; BaseHandler.defineProperty() repeats the same design at otherReflectDefineProperty(object, prop, otherDesc) for descriptor-based writes ([lib/bridge.js:641-649](https://github.com/patriksimek/vm2/blob/408fc855f1cc1bbc2985b029465ee0e732ada433/lib/bridge.js#L641-L649), [lib/bridge.js:753-774](https://github.com/patriksimek/vm2/blob/408fc855f1cc1bbc2985b029465ee0e732ada433/lib/bridge.js#L753-L774)). Existing validation does not stop the attack because the constructor filter only blocks one dangerous-property access pattern, setPrototypeOf() only blocks prototype replacement rather than ordinary property assignment, and containsDangerousConstructor() only protects one later re-unwrapping path instead of the initial host-prototype write sink ([lib/bridge.js:494-530](https://github.com/patriksimek/vm2/blob/408fc855f1cc1bbc2985b029465ee0e732ada433/lib/bridge.js#L494-L530), [lib/bridge.js:595-610](https://github.com/patriksimek/vm2/blob/408fc855f1cc1bbc2985b029465ee0e732ada433/lib/bridge.js#L595-L610), [lib/bridge.js:660-662](https://github.com/patriksimek/vm2/blob/408fc855f1cc1bbc2985b029465ee0e732ada433/lib/bridge.js#L660-L662)).\n\n### PoC\nRun the following code snippet and observe that the value of vm2EscapeMarker is polluted:\n```\nconst { VM } = require(\u0027vm2\u0027);\nconst vm = new VM();\nvm.run(`\n  const g = ({}).__lookupGetter__;\n  const a = Buffer.apply;\n  const p = a.apply(g, [Buffer, [\u0027__proto__\u0027]]);\n  const hostObjectProto = p.call(p.call(p.call(p.call(Buffer.of()))));\n  hostObjectProto.vm2EscapeMarker = \u0027polluted-object-prototype\u0027;\n`);\nconsole.log({}.vm2EscapeMarker)\n```\n\n### Impact\nSandbox escape and prototype pollution.",
  "id": "GHSA-vwrp-x96c-mhwq",
  "modified": "2026-05-14T20:36:31Z",
  "published": "2026-05-07T04:07:05Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-vwrp-x96c-mhwq"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44005"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/patriksimek/vm2"
    },
    {
      "type": "WEB",
      "url": "https://github.com/patriksimek/vm2/releases/tag/v3.11.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "vm2: Mutable Proxies for Host Intrinsic Prototypes Allows Sandbox Escape"
}

GHSA-VXR4-RXW7-G7V6

Vulnerability from github – Published: 2021-12-16 14:30 – Updated: 2023-09-11 16:21
VLAI
Summary
Prototype Pollution in comb
Details

All versions of package comb are vulnerable to Prototype Pollution via the deepMerge() function.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "comb"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "2.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-23561"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-12-14T14:30:03Z",
    "nvd_published_at": "2021-12-10T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "All versions of package comb are vulnerable to Prototype Pollution via the `deepMerge()` function.",
  "id": "GHSA-vxr4-rxw7-g7v6",
  "modified": "2023-09-11T16:21:17Z",
  "published": "2021-12-16T14:30:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23561"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/C2FO/comb"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-JS-COMB-1730083"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Prototype Pollution in comb"
}

GHSA-W2CQ-G8G3-GM83

Vulnerability from github – Published: 2025-08-12 18:07 – Updated: 2025-08-12 19:19
VLAI
Summary
content-security-policy-parser Prototype Pollution Vulnerability May Lead to RCE
Details

Impact

A prototype pollution vulnerability exists in versions 0.5.0 and earlier, wherein if you provide a policy name called __proto__ you can override the Object prototype.

For example:

const parse = require('content-security-policy-parser');

const x = parse("default-src 'self'; __proto__ foobar");
console.log('raw print:', x);
console.log('toString:', x.toString());

Outputs:

raw print: Array { 'default-src': [ "'self'" ] }
toString: foobar

Whilst no gadget exists in this library, it is possible via other libraries expose functionality that enable RCE. It is customary to label prototype pollution vulnerabilities in this way. The most common effect of this is denial of service, as you can trivially overwrite properties.

As the content security policy is provided in HTTP queries, it is incredibly likely that network exploitation is possible.

Patches

There has been a patch implemented a year ago (11 Feb 2024), but low uptake of patched versions has not been observed in the wild - only 17% of weekly downloads are of patched versions.

Workarounds

By disabling prototype method in NodeJS you can neutralise all possible prototype pollution attacks. Provide either --disable-proto=delete (recommended) or --disable-proto=throw as an argument to node to enable this feature.

References

Issue revealing the problem, January 26 2024 Commit fixing the problem

Credit to @EvanHahn for patching the vulnerability promptly, and @pnappa (Patrick Nappa) for discovery.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "content-security-policy-parser"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.6.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-55164"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-08-12T18:07:44Z",
    "nvd_published_at": "2025-08-12T16:15:29Z",
    "severity": "HIGH"
  },
  "details": "### Impact\nA prototype pollution vulnerability exists in versions 0.5.0 and earlier, wherein if you provide a policy name called `__proto__` you can override the Object prototype.\n\nFor example:\n\n```\nconst parse = require(\u0027content-security-policy-parser\u0027);\n\nconst x = parse(\"default-src \u0027self\u0027; __proto__ foobar\");\nconsole.log(\u0027raw print:\u0027, x);\nconsole.log(\u0027toString:\u0027, x.toString());\n```\n\nOutputs:\n\n```\nraw print: Array { \u0027default-src\u0027: [ \"\u0027self\u0027\" ] }\ntoString: foobar\n```\n\nWhilst no gadget exists in this library, it is possible via other libraries expose functionality that enable RCE. It is customary to label prototype pollution vulnerabilities in this way. The most common effect of this is denial of service, as you can trivially overwrite properties.\n\nAs the content security policy is provided in HTTP queries, it is incredibly likely that network exploitation is possible.\n\n### Patches\nThere has been a patch implemented a year ago (11 Feb 2024), but low uptake of patched versions has not been observed in the wild - only 17% of weekly downloads are of patched versions.\n\n### Workarounds\nBy disabling prototype method in NodeJS you can neutralise all possible prototype pollution attacks. Provide either `--disable-proto=delete` (recommended) or `--disable-proto=throw` as an argument to `node` to enable this feature.\n\n### References\n[Issue revealing the problem, January 26 2024](https://github.com/helmetjs/content-security-policy-parser/issues/11)\n[Commit fixing the problem](https://github.com/helmetjs/content-security-policy-parser/commit/b13a52554f0168af393e3e38ed4a94e9e6aea9dc)\n\nCredit to @EvanHahn for patching the vulnerability promptly, and @pnappa (Patrick Nappa) for discovery.",
  "id": "GHSA-w2cq-g8g3-gm83",
  "modified": "2025-08-12T19:19:42Z",
  "published": "2025-08-12T18:07:44Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/helmetjs/content-security-policy-parser/security/advisories/GHSA-w2cq-g8g3-gm83"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55164"
    },
    {
      "type": "WEB",
      "url": "https://github.com/helmetjs/content-security-policy-parser/issues/11"
    },
    {
      "type": "WEB",
      "url": "https://github.com/helmetjs/content-security-policy-parser/commit/b13a52554f0168af393e3e38ed4a94e9e6aea9dc"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/helmetjs/content-security-policy-parser"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "content-security-policy-parser Prototype Pollution Vulnerability May Lead to RCE"
}

GHSA-W457-6Q6X-CGP9

Vulnerability from github – Published: 2019-12-26 17:58 – Updated: 2022-06-06 17:16
VLAI
Summary
Prototype Pollution in handlebars
Details

Versions of handlebars prior to 3.0.8 or 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Objects' __proto__ and __defineGetter__ properties, which may allow an attacker to execute arbitrary code through crafted payloads.

Recommendation

Upgrade to version 3.0.8, 4.3.0 or later.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "handlebars"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.0.0"
            },
            {
              "fixed": "4.3.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "bootstrap-wysihtml5-rails"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.3.3.5"
            },
            {
              "last_affected": "0.3.3.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "handlebars"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.0.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2019-19919"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321",
      "CWE-74"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2019-12-26T17:55:40Z",
    "nvd_published_at": "2019-12-20T23:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Versions of `handlebars` prior to 3.0.8 or 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Objects\u0027 `__proto__` and `__defineGetter__` properties, which may allow an attacker to execute arbitrary code through crafted payloads.\n\n\n## Recommendation\n\nUpgrade to version 3.0.8, 4.3.0 or later.",
  "id": "GHSA-w457-6q6x-cgp9",
  "modified": "2022-06-06T17:16:15Z",
  "published": "2019-12-26T17:58:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19919"
    },
    {
      "type": "WEB",
      "url": "https://github.com/wycats/handlebars.js/issues/1558"
    },
    {
      "type": "WEB",
      "url": "https://github.com/handlebars-lang/handlebars.js/commit/156061eb7707575293613d7fdf90e2bdaac029ee"
    },
    {
      "type": "WEB",
      "url": "https://github.com/handlebars-lang/handlebars.js/commit/90ad8d97ad2933852fb83fcc054699dc99e094db"
    },
    {
      "type": "WEB",
      "url": "https://github.com/wycats/handlebars.js/commit/2078c727c627f25d4a149962f05c1e069beb18bc"
    },
    {
      "type": "WEB",
      "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19919"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Nerian/bootstrap-wysihtml5-rails/blob/master/vendor/assets/javascripts/bootstrap-wysihtml5/handlebars.runtime.min.js"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Nerian/bootstrap-wysihtml5-rails/tree/master/vendor/assets/javascripts/bootstrap-wysihtml5"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-wysihtml5-rails/CVE-2019-19919.yml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/wycats/handlebars.js"
    },
    {
      "type": "WEB",
      "url": "https://www.tenable.com/security/tns-2021-14"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Prototype Pollution in handlebars"
}

Mitigation
Implementation

By freezing the object prototype first (for example, Object.freeze(Object.prototype)), modification of the prototype becomes impossible.

Mitigation
Architecture and Design

By blocking modifications of attributes that resolve to object prototype, such as proto or prototype, this weakness can be mitigated.

Mitigation
Implementation

Strategy: Input Validation

When handling untrusted objects, validating using a schema can be used.

Mitigation
Implementation

By using an object without prototypes (via Object.create(null) ), adding object prototype attributes by accessing the prototype via the special attributes becomes impossible, mitigating this weakness.

Mitigation
Implementation

Map can be used instead of objects in most cases. If Map methods are used instead of object attributes, it is not possible to access the object prototype or modify it.

CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs

In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application's functionality; particularly URL's for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to.

CAPEC-180: Exploiting Incorrectly Configured Access Control Security Levels

An attacker exploits a weakness in the configuration of access controls and is able to bypass the intended protection that these measures guard against and thereby obtain unauthorized access to the system or network. Sensitive functionality should always be protected with access controls. However configuring all but the most trivial access control systems can be very complicated and there are many opportunities for mistakes. If an attacker can learn of incorrectly configured access security settings, they may be able to exploit this in an attack.

CAPEC-77: Manipulating User-Controlled Variables

This attack targets user controlled variables (DEBUG=1, PHP Globals, and So Forth). An adversary can override variables leveraging user-supplied, untrusted query variables directly used on the application server without any data sanitization. In extreme cases, the adversary can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.