CWE-1321

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Parent: CWE-915 - Improperly Controlled Modification of Dynamically-Determined Object Attributes

The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.

501 vulnerabilities with CWE-1321
CVE-2021-23433 MEDIUM
algoliasearch-helper < 3.6.2 - Prototype Pollution via SearchParameters._parseNumbers
CVSS 5.9
CVE-2021-3918 CRITICAL
json-schema < 0.4.0 - Prototype Pollution
CVSS 9.8
CVE-2021-23452 HIGH
x-assign - Prototype Pollution via __proto__ Object
CVSS 8.6
CVE-2021-23449 CRITICAL
Vm2 < 3.9.4 - Prototype Pollution
CVSS 9.8
CVE-2021-23448 MEDIUM
config-handler - Prototype Pollution via Config File Loading
CVSS 6.5
CVE-2021-41097 CRITICAL
Aurelia-path < 1.1.7 - Prototype Pollution
CVSS 9.1
CVE-2021-39227 MEDIUM
ZRender < 5.2.1 - Prototype Pollution via merge and clone Helper Methods
CVSS 6.2
CVE-2021-23442 HIGH
@cookiex/deep < 0.0.6 - Prototype Pollution via __proto__ Object
CVSS 8.6
CVE-2021-3805 HIGH
object-path < 0.11.8 - Prototype Pollution
CVSS 7.5
CVE-2021-39205 MEDIUM
8x8 jitsi_meet < 2.0.6173 - Cross-Site Scripting via JSON Object Property Injection
CVSS 6.8
CVE-2021-3666 CRITICAL
xml_body_parser < 2.0.3 - Prototype Pollution
CVSS 9.8
CVE-2021-3645 CRITICAL
merge < 1.0.2 - Prototype Pollution
CVSS 9.8
CVE-2021-3766 CRITICAL
objection < 2.2.16 - Prototype Pollution
CVSS 9.8
CVE-2021-3757 CRITICAL
immer < 9.0.5 and >=7.0.0 < 9.0.6 - Prototype Pollution
CVSS 9.8
CVE-2021-23421 MEDIUM
merge-change - Prototype Pollution via utils.set Function
CVSS 5.6
CVE-2021-23419 HIGH
open-graph < 0.2.6 - Prototype Pollution via __proto__ or constructor Payload
CVSS 7.3
CVE-2021-32811 HIGH
Zope 4.0-4.6.2 and 5.0-5.2 - Remote Code Execution via Python Script Object Modification
CVSS 7.5
CVE-2021-32807 MEDIUM
AccessControl 4.0-4.2 - Remote Code Execution via String Formatter Override
CVSS 4.4
CVE-2021-23417 MEDIUM
deepmergefn - Prototype Pollution via deepMerge Function
CVSS 5.6
CVE-2021-23408 MEDIUM
graphhopper < 3.2 - Prototype Pollution via URL Parser
CVSS 5.4
CVE-2021-25953 CRITICAL
putil-merge 1.0.0-3.6.6 - Prototype Pollution
CVSS 9.8
CVE-2021-25952 CRITICAL
just-safe-set 1.0.0-2.2.1 - Prototype Pollution
CVSS 9.8
CVE-2021-23403 HIGH
ts-nodash < 1.2.7 - Prototype Pollution via Merge Function
CVSS 7.3
CVE-2021-23402 HIGH
record-like-deep-assign - Prototype Pollution via Main Functionality
CVSS 7.3
CVE-2021-32736 HIGH
think-helper < 1.1.3 - Prototype Pollution
CVSS 7.5