CWE-1321

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Parent: CWE-915 - Improperly Controlled Modification of Dynamically-Determined Object Attributes

The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.

501 vulnerabilities with CWE-1321
CVE-2021-23396 MEDIUM
lutils - Prototype Pollution via Merge Function
CVSS 5.6
CVE-2021-23395 HIGH
nedb - Prototype Pollution via __proto__ or constructor.prototype Payload
CVSS 7.3
CVE-2021-25949 CRITICAL
set-getter 0.1.0 - Prototype Pollution
CVSS 9.8
CVE-2021-25948 CRITICAL
expand-hash 0.1.0-1.0.1 - Prototype Pollution
CVSS 9.8
CVE-2021-25947 CRITICAL
nestie < 1.0.0 - Prototype Pollution
CVSS 9.8
CVE-2021-26707 CRITICAL
merge-deep < 3.0.3 - Prototype Pollution via Object Property Overwrite
CVSS 9.8
CVE-2021-25945 CRITICAL
js-extend 0.0.1-1.0.1 - Prototype Pollution
CVSS 9.8
CVE-2021-25946 CRITICAL
nconf-toml 0.0.1-0.0.2 - Prototype Pollution
CVSS 9.8
CVE-2021-25944 CRITICAL
deep-defaults 1.0.0-1.0.5 - Prototype Pollution
CVSS 9.8
CVE-2021-25943 CRITICAL
101 1.0.0-1.6.3 - Prototype Pollution leading to Denial of Service and Remote Code Execution
CVSS 9.8
CVE-2021-25941 CRITICAL
deep-override 1.0.0-1.0.1 - Prototype Pollution leading to Denial of Service
CVSS 9.8
CVE-2021-23383 MEDIUM
handlebars < 4.7.7 - Prototype Pollution via Template Compilation
CVSS 5.6
CVE-2021-28860 CRITICAL
mixme < 0.5.1 - Prototype Pollution via __proto__ in mutate() and merge()
CVSS 9.1
CVE-2021-25928 CRITICAL
safe-obj 1.0.0-1.0.2 - Prototype Pollution
CVSS 9.8
CVE-2021-25927 CRITICAL
safe-flat 2.0.0-2.0.1 - Prototype Pollution leading to Denial of Service and Remote Code Execution
CVSS 9.8
CVE-2021-20089 HIGH
purl 2.3.2 - Prototype Pollution
CVSS 8.8
CVE-2021-20086 HIGH
jquery-bbq 1.2.1 - Prototype Pollution
CVSS 8.8
CVE-2021-20085 HIGH
backbone-query-parameters 0.4.0 - Prototype Pollution
CVSS 8.8
CVE-2021-20083 HIGH
jquery-plugin-query-object 2.2.3 - Prototype Pollution
CVSS 8.8
CVE-2021-20088 HIGH
mootools-more 1.6.0 - Prototype Pollution
CVSS 8.8
CVE-2021-20087 HIGH
jquery-deparam 0.5.1 - Prototype Pollution
CVSS 8.8
CVE-2021-20084 HIGH
jquery-sparkle 1.5.2-beta - Prototype Pollution
CVSS 8.8
CVE-2021-25916 CRITICAL
patchmerge 1.0.0-1.0.1 - Prototype Pollution
CVSS 9.8
CVE-2021-21368 MEDIUM
msgpack5 < 3.6.1 - Prototype Poisoning via __proto__ Key Decoding
CVSS 6.7
CVE-2021-25915 CRITICAL
changeset 0.0.1-0.2.5 - Prototype Pollution leading to Denial of Service and Remote Code Execution
CVSS 9.8