CWE-1321

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Parent: CWE-915 - Improperly Controlled Modification of Dynamically-Determined Object Attributes

The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.

501 vulnerabilities with CWE-1321
CVE-2021-25914 CRITICAL
object-collider 1.0.0-1.0.3 - Prototype Pollution leading to Denial of Service and Remote Code Execution
CVSS 9.8
CVE-2021-21297 HIGH
Node-Red <1.2.8 - Prototype Pollution
CVSS 7.7
CVE-2021-27582 CRITICAL
MITREid Connect <1.3.3 - Code Injection
CVSS 9.1
CVE-2021-25913 CRITICAL
set-or-get 1.0.0-1.2.10 - Prototype Pollution
CVSS 9.8
CVE-2021-21304 HIGH
Dynamoose <2.7.0 - Prototype Pollution
CVSS 7.2
CVE-2021-25912 CRITICAL
dotty 0.0.1-0.1.0 - Prototype Pollution
CVSS 9.8
CVE-2021-23329 HIGH
nested-object-assign <1.0.4 - Info Disclosure
CVSS 7.5
CVE-2020-36632 MEDIUM
hughsk flat <5.0.0 - Prototype Pollution
CVSS 6.3
CVE-2020-36618 MEDIUM
Furqan node-whois - Prototype Pollution
CVSS 6.3
CVE-2020-36604 HIGH
hoek <8.5.1, <9.0.3 - Prototype Poisoning
CVSS 8.1
CVE-2020-28471 HIGH
properties-reader < 2.2.0 - Prototype Pollution
CVSS 7.3
CVE-2020-28462 HIGH
ion-parser - Prototype Pollution via INI File Parsing
CVSS 7.3
CVE-2020-28461 HIGH
js-ini < 1.3.0 - Prototype Pollution via Malicious INI File Parsing
CVSS 7.3
CVE-2020-28441 HIGH
conf-cfg-ini < 1.2.2 - Prototype Pollution via Malicious INI File Parsing
CVSS 7.3
CVE-2020-7641 MEDIUM
grunt-util-property - Prototype Pollution via __proto__ Payload
CVSS 4.0
CVE-2020-24939 HIGH
Stampit supermixer < 1.0.5 - Prototype Pollution
CVSS 7.5
CVE-2020-7771 HIGH
asciitable.js <1.0.3 - Info Disclosure
CVSS 7.5
CVE-2020-28460 MEDIUM
multi-ini < 2.1.2 - Prototype Pollution via Constructor Proto Array Bypass
CVSS 5.6
CVE-2020-28448 MEDIUM
multi-ini < 2.1.1 - Prototype Pollution via Array Input
CVSS 5.6
CVE-2020-28458 HIGH
datatables.net < 1.10.23 - Prototype Pollution
CVSS 7.3
CVE-2020-7792 HIGH
mout < 1.2.3 - Prototype Pollution via deepFillIn and deepMixIn Functions
CVSS 7.5
CVE-2020-7788 HIGH
ini < 1.3.6 - Prototype Pollution via Malicious INI File Parsing
CVSS 7.3
CVE-2020-7774 HIGH
y18n <3.2.2, 4.0.1, 5.0.5 - Prototype Pollution
CVSS 7.3
CVE-2020-28268 HIGH
controlled-merge 1.0.0-1.2.0 - Prototype Pollution
CVSS 7.5
CVE-2020-28271 CRITICAL
deephas 1.0.0-1.0.5 - Prototype Pollution leading to Denial of Service and Remote Code Execution
CVSS 9.8