Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-1321

CWE-1321

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Parent: CWE-915 - Improperly Controlled Modification of Dynamically-Determined Object Attributes

The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.

501 vulnerabilities with CWE-1321

CVE-2020-7715 CRITICAL

deep-get-set < 1.1.1 - Prototype Pollution via Main Function

CVE-2020-7714 CRITICAL

confucious - Prototype Pollution via set Function

CVE-2020-7713 CRITICAL

arr-flatten-unflatten - Prototype Pollution via Constructor

CVE-2020-7708 CRITICAL

irrelon-path < 4.7.0 - Prototype Pollution via set, unSet, pushVal, and pullVal Functions

CVE-2020-7707 CRITICAL

property-expr < 2.0.3 - Prototype Pollution via Setter Function

CVE-2020-7706 CRITICAL

connie-lang < 0.1.1 - Prototype Pollution

CVE-2020-7704 CRITICAL

linux-cmdline < 1.0.1 - Prototype Pollution via Constructor

CVE-2020-7703 CRITICAL

nis-utils - Prototype Pollution via setValue Function

CVE-2020-7702 CRITICAL

templ8 - Prototype Pollution via Parse Function

CVE-2020-7701 CRITICAL

madlib-object-utils < 0.1.7 - Prototype Pollution via setValue

CVE-2020-7700 CRITICAL

php.js - Prototype Pollution via parse_str

CVE-2020-7699 HIGH

express-fileupload < 1.1.8 - Denial of Service and Remote Code Execution via Corrupt HTTP Request

CVE-2020-15366 MEDIUM

ajv < 6.12.3 - Prototype Pollution via Crafted JSON Schema

CVE-2020-8203 HIGH

lodash < 4.17.20 - Prototype Pollution via _.zipObjectDeep

CVE-2020-7679 HIGH

casperjs - Prototype Pollution via mergeObjects Utility Function

CVE-2020-11066 HIGH

TYPO3 CMS >=9.0.0 <9.5.17, >=10.0.0 <10.4.2 - Code Injection

CVE-2020-7644 HIGH

fun-map < 3.3.1 - Prototype Pollution via assocInM Function

CVE-2020-7643 MEDIUM

paypal-adaptive <= 0.4.2 - Prototype Pollution via __proto__ Payload

CVE-2020-12079 CRITICAL

Beaker < 0.8.9 - Remote Code Execution via Prototype Pollution

CVE-2020-7618 MEDIUM

sds < 3.2.0 - Prototype Pollution via set Function

CVE-2020-7616 MEDIUM

express-mock-middleware <= 0.0.6 - Prototype Pollution via Exported Functions

CVE-2020-7639 MEDIUM

eivindfjeldstad-dot < 1.0.3 - Prototype Pollution via 'set' Function

CVE-2020-7638 MEDIUM

confinit < 0.3.0 - Prototype Pollution via setDeepProperty Function

CVE-2020-7637 MEDIUM

class-transformer < 0.3.1 - Prototype Pollution via classToPlainFromExist

CVE-2020-7617 MEDIUM

ini-parser <= 0.0.2 - Prototype Pollution via __proto__ Payload

Previous Page 19 of 21 Next

Details

Vulnerabilities 501

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy