Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-1321

CWE-1321

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Parent: CWE-915 - Improperly Controlled Modification of Dynamically-Determined Object Attributes

The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.

501 vulnerabilities with CWE-1321

CVE-2023-26139 HIGH

underscore-keypath <0.0.11 - Prototype Pollution

CVE-2023-3696 CRITICAL

mongoose < 5.13.20 and 7.0.0-7.3.3 - Prototype Pollution

CVE-2023-36665 CRITICAL

protobuf.js <7.2.5 - Prototype Pollution

CVE-2023-26136 MEDIUM

Tough-Cookie <4.1.3 - Prototype Pollution

CVE-2023-26135 HIGH

flatnest - Prototype Pollution via nest() Function

CVE-2023-36475 CRITICAL

Parse Server < 5.5.2 - Remote Code Execution via Prototype Pollution

CVE-2023-26133 HIGH

progressbar.js < 1.1.1 - Prototype Pollution via extend() Function

CVE-2023-26132 HIGH

Package dottie <2.0.4 - Info Disclosure

CVE-2023-2972 CRITICAL

antfu/utils < 0.7.3 - Prototype Pollution

CVE-2023-32305 HIGH

aiven-extras < 1.1.9 - Privilege Escalation via Unqualified Function Name Collision

CVE-2023-2582 MEDIUM

Strikingly CMS - Prototype Pollution leading to Reflected Cross-Site Scripting via URL Fragment Parsing

CVE-2023-30857 LOW

aedart/ion < 0.6.1 - Prototype Pollution in MetadataRecord Merge

CVE-2023-30363 CRITICAL

vConsole < 3.15.1 - Prototype Pollution via setOptions in core.ts

CVE-2023-30533 HIGH

SheetJS Community Edition < 0.19.3 - Prototype Pollution via Crafted File

CVE-2023-26122 HIGH

safe-eval < 0.4.1 - Sandbox Bypass via Prototype Pollution

CVE-2023-26121 HIGH

safe-eval < 0.4.1 - Prototype Pollution via safeEval Function

CVE-2023-0842 MEDIUM

xml2js 0.4.23 - Prototype Pollution via __proto__ Property

CVE-2023-28427 HIGH

matrix-js-sdk <24.0.0 - Info Disclosure

CVE-2023-28103 HIGH

matrix-react-sdk < 3.69.0 - Prototype Pollution via Remote Server Data

CVE-2023-26113 HIGH

collection.js <6.8.1 - Info Disclosure

CVE-2023-26106 HIGH

dot-lens < 1.2.3 - Prototype Pollution via set() Function

CVE-2023-26105 HIGH

Package Utilities - Prototype Pollution

CVE-2023-26102 HIGH

rangy - Prototype Pollution via extend() Function

CVE-2023-23917 HIGH

Rocket.Chat < 5.2.0 - Prototype Pollution leading to Remote Code Execution

CVE-2022-36060 HIGH

matrix-react-sdk < 3.53.0 - Denial of Service via Prototype Pollution

Previous Page 10 of 21 Next

Details

Vulnerabilities 501

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy