CWE-1321

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Parent: CWE-915 - Improperly Controlled Modification of Dynamically-Determined Object Attributes

The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.

501 vulnerabilities with CWE-1321
CVE-2022-1295 CRITICAL
fullpage < 4.0.2 - Prototype Pollution
CVSS 9.8
CVE-2022-24802 HIGH
deepmerge-ts < 4.0.2 - Prototype Pollution via defaultMergeRecords Function
CVSS 8.1
CVE-2022-26260 CRITICAL
Simple-Plist <1.3.0 - Info Disclosure
CVSS 9.8
CVE-2022-25354 HIGH
set-in < 2.0.3 - Prototype Pollution via setIn Method
CVSS 8.6
CVE-2022-25352 HIGH
libnested < 1.5.2 - Prototype Pollution via set Function
CVSS 7.5
CVE-2022-25296 MEDIUM
bodymen < 1.1.1 - Prototype Pollution via Handler Function
CVSS 6.3
CVE-2022-24760 CRITICAL
Parse Server < 4.10.7 - Remote Code Execution via Prototype Pollution in DatabaseController.js
CVSS 10.0
CVE-2022-23395 MEDIUM
jquery.cookie 1.4.1 - Prototype Pollution leading to DOM Cross-Site Scripting
CVSS 6.1
CVE-2022-21824 HIGH
Node.js 12.0.0-12.22.8 and 17.0.0-17.3.0 - Prototype Pollution via console.table() Properties Parameter
CVSS 8.2
CVE-2022-22912 CRITICAL
plist < 3.0.4 - Prototype Pollution via .parse()
CVSS 9.8
CVE-2022-23631 CRITICAL
blitzjs superjson < 1.8.1 - Unauthenticated Remote Code Execution via Prototype Pollution
CVSS 9.0
CVE-2022-23624 HIGH
frourio-express < 0.26.0 - Improper Input Validation via Class-Validator Integration
CVSS 8.1
CVE-2022-23623 HIGH
frourio < 0.26.0 - Improper Input Validation in class-validator Integration
CVSS 8.1
CVE-2022-0432 MEDIUM
Mastodon < 3.5.0 - Prototype Pollution
CVSS 6.1
CVE-2021-26505 CRITICAL
hello.js 1.18.6 - Prototype Pollution via hello.utils.extend
CVSS 9.8
CVE-2021-4307 MEDIUM
Yomguithereal Baobab <2.6.0 - Prototype Pollution
CVSS 6.3
CVE-2021-4279 MEDIUM
Starcounter-Jack JSON-Patch <3.1.0 - Prototype Pollution
CVSS 6.3
CVE-2021-4278 MEDIUM
cronvel tree-kit <0.7.0 - Prototype Pollution
CVSS 5.5
CVE-2021-4264 MEDIUM
LinkedIn dustjs <3.0.0 - Prototype Pollution
CVSS 6.3
CVE-2021-4245 MEDIUM
chbrown rfc6902 - Prototype Pollution
CVSS 5.5
CVE-2021-23397 MEDIUM
@ianwalter/merge - Prototype Pollution via Merge Function
CVSS 5.6
CVE-2021-23373 HIGH
set-deep-prop - Prototype Pollution via Main Functionality
CVSS 7.5
CVE-2021-40663 CRITICAL
deep.assign 0.0.0-alpha.0 - Prototype Pollution
CVSS 9.8
CVE-2021-42581 CRITICAL
ramda < 0.27.0 - Prototype Pollution via mapObjIndexed Function
CVSS 9.1
CVE-2021-43138 HIGH
Async <2.6.4, <3.2.2 - Privilege Escalation
CVSS 7.8