Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-1321

CWE-1321

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Parent: CWE-915 - Improperly Controlled Modification of Dynamically-Determined Object Attributes

The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.

501 vulnerabilities with CWE-1321

CVE-2021-44906 CRITICAL

Minimist <=1.2.5 - Prototype Pollution via setKey Function

CVE-2021-44908 CRITICAL

Sails.js <=1.4.0 - Prototype Pollution via loadActionModules()

CVE-2021-23771 MEDIUM

notevil and argencoders-notevil - Prototype Pollution via Sandbox Escape

CVE-2021-43956 MEDIUM

Atlassian Crucible and Fisheye < 4.8.9 - Prototype Pollution via jQuery Deserialize

CVE-2021-23702 HIGH

object-extend < 0.5.0 - Prototype Pollution

CVE-2021-23682 HIGH

appwrite < 0.11.1 and 0.12.0-0.12.2 - Prototype Pollution via Query String Parsing

CVE-2021-23597 HIGH

fastify-multipart < 5.3.1 - Denial of Service via Constructor Property Bypass

CVE-2021-23507 HIGH

object-path-set < 1.0.2 - Prototype Pollution via setPath Method

CVE-2021-23497 HIGH

@strikeentco/set < 1.0.2 - Prototype Pollution leading to Denial of Service and Remote Code Execution

CVE-2021-23470 HIGH

putil-merge < 3.8.0 - Prototype Pollution via Malicious Constructor Property

CVE-2021-23760 MEDIUM

keyget - Prototype Pollution via set, push, and at Methods

CVE-2021-23558 HIGH

bmoor < 0.10.1 - Prototype Pollution via set Function

CVE-2021-23518 HIGH

cached-path-relative < 1.1.0 - Prototype Pollution via Cache Variable

CVE-2021-23460 HIGH

min-dash < 3.8.1 - Prototype Pollution via Set Method

CVE-2021-23594 CRITICAL

realms-shim - Sandbox Bypass via Prototype Pollution

CVE-2021-23568 HIGH

extend2 < 1.0.1 - Prototype Pollution via Unsafe Recursive Merge

CVE-2021-23543 CRITICAL

realms-shim - Sandbox Bypass via Prototype Pollution

CVE-2021-43852 HIGH

OroPlatform <4.2.7 - Code Injection

CVE-2021-23574 HIGH

js-data < 3.0.11 - Prototype Pollution via deepFillIn and set Functions

CVE-2021-23450 HIGH

dojo < 1.17.0 - Prototype Pollution via setObject Function

CVE-2021-23700 MEDIUM

merge-deep2 - Prototype Pollution via mergeDeep() Function

CVE-2021-23663 MEDIUM

sey - Prototype Pollution via deepmerge()

CVE-2021-23561 MEDIUM

comb - Prototype Pollution via deepMerge() Function

CVE-2021-3815 CRITICAL

utils.js < 0.17.2 - Prototype Pollution

CVE-2021-43787 CRITICAL

NodeBB 1.15.5-1.18.4 - Authenticated DOM-Based Cross-Site Scripting via Prototype Pollution

Previous Page 14 of 21 Next

Details

Vulnerabilities 501

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy