Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-1321

CWE-1321

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Parent: CWE-915 - Improperly Controlled Modification of Dynamically-Determined Object Attributes

The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.

501 vulnerabilities with CWE-1321

CVE-2020-28270 CRITICAL

object-hierarchy-access 0.2.0-0.32.0 - Prototype Pollution

CVE-2020-28269 CRITICAL

field 0.0.1-1.0.1 - Prototype Pollution leading to Denial of Service and Remote Code Execution

CVE-2020-7770 MEDIUM

json8 < 1.0.3 - Prototype Pollution

CVE-2020-7768 HIGH

grpc < 1.24.4 and @grpc/grpc-js < 1.1.8 - Prototype Pollution via loadPackageDefinition

CVE-2020-7766 HIGH

json-ptr < 2.0.0 - Prototype Pollution via Force Flag in Set Operation

CVE-2020-7746 HIGH

chart.js < 2.9.4 - Prototype Pollution via Options Parameter

CVE-2020-7751 MEDIUM

pathval < 1.1.1 - Prototype Pollution

CVE-2020-7748 MEDIUM

Ts.ed < 5.65.7 - Prototype Pollution

CVE-2020-7743 HIGH

mathjs < 7.5.1 - Prototype Pollution via deepExtend Function

CVE-2020-7709 MEDIUM

json-pointer < 0.6.1 - Prototype Pollution via Slash Reference Handling

CVE-2020-7737 HIGH

safetydance - Prototype Pollution via set Function

CVE-2020-7736 HIGH

bmoor < 0.8.12 - Prototype Pollution via set Function

CVE-2020-8158 CRITICAL

TypeORM <0.2.25 - Prototype Pollution

CVE-2020-7727 CRITICAL

gedi - Prototype Pollution via set Function

CVE-2020-7726 CRITICAL

safe-object2 - Prototype Pollution via Setter Function

CVE-2020-7725 CRITICAL

worksmith - Prototype Pollution via setValue Function

CVE-2020-7724 CRITICAL

tiny-conf - Prototype Pollution via Set Function

CVE-2020-7723 CRITICAL

promisehelpers - Prototype Pollution via Insert Function

CVE-2020-7722 CRITICAL

nodee-utils < 1.2.3 - Prototype Pollution via deepSet Function

CVE-2020-7721 CRITICAL

node-oojs - Prototype Pollution via setPath Function

CVE-2020-7720 CRITICAL

node-forge < 0.10.0 - Prototype Pollution via util.setPath

CVE-2020-7719 CRITICAL

locutus < 2.0.12 - Prototype Pollution via php.strings.parse_str

CVE-2020-7718 CRITICAL

gammautils - Prototype Pollution via deepSet and deepMerge Functions

CVE-2020-7717 CRITICAL

dot-notes - Prototype Pollution via create Function

CVE-2020-7716 CRITICAL

deeps - Prototype Pollution via set Function

Previous Page 18 of 21 Next

Details

Vulnerabilities 501

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy