Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-1321

CWE-1321

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Parent: CWE-915 - Improperly Controlled Modification of Dynamically-Determined Object Attributes

The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.

501 vulnerabilities with CWE-1321

CVE-2024-34273 MEDIUM

njwt < 2.0.1 - Prototype Pollution via Parser.prototype.parse Method

CVE-2024-34698 MEDIUM

FreeScout < 1.8.139 - Prototype Pollution via getQueryParam Function

CVE-2024-34148 MEDIUM

Jenkins Subversion Partial Release Manager Plugin <1.0.1 - RCE

CVE-2024-32866 HIGH

Conform < 1.1.1 - Prototype Pollution via Nested Object Parsing

CVE-2024-30564 CRITICAL

nora-firebase-common 1.0.41-1.12.2 - Remote Code Execution via updateState Parameter Prototype Pollution

CVE-2024-21509 MEDIUM

sidorares/mysql2 < 3.9.4 - Prototype Pollution via Insecure Results Object Creation

CVE-2024-29650 CRITICAL

@thi.ng/paths < 5.1.63 - Prototype Pollution via mutIn and mutInManyUnsafe Components

CVE-2024-21505 HIGH

web3-utils < 4.2.1 - Prototype Pollution via Format and MergeDeep Utility Functions

CVE-2024-2495 MEDIUM

FriendlyWrt <2022-11-16.51b3d35 - Info Disclosure

CVE-2024-27307 CRITICAL

JSONata <1.8.7, >1.4.0 & <2.0.4 - RCE

CVE-2024-23339 MEDIUM

hoolock 2.0.0-2.2.1 - Prototype Pollution via Object Path Utility Functions

CVE-2023-0163 HIGH

Mozilla Convict - Prototype Pollution

CVE-2023-39296 HIGH

QNAP QTS and QuTS hero - Prototype Pollution via Network Request

CVE-2023-46308 CRITICAL

plotly.js < 2.25.2 - Prototype Pollution via expandObjectPaths or nestedProperty

CVE-2023-26920 MEDIUM

fast-xml-parser <4.1.2 - Info Disclosure

CVE-2023-26158 HIGH

mock.js < 1.1.0 - Prototype Pollution via Util.extend Function

CVE-2023-6293 HIGH

robinbuschmann/sequelize-typescript <2.1.6 - Info Disclosure

CVE-2023-45827 HIGH

clickbar/dot-diver < 1.0.2 - Prototype Pollution via setByPath Function

CVE-2023-1717 CRITICAL

Bitrix24 22.0.300 - Prototype Pollution leading to Cross-Site Scripting and Potential Remote Code Execution

CVE-2023-3965 MEDIUM

National Show Centre NSC WordPress Theme <= 1.0 - Unauthenticated Reflected Cross-Site Scripting via Prototype Pollution

CVE-2023-3962 MEDIUM

Winters - WordPress Blog Theme <= 1.4.3 - Unauthenticated Reflected Cross-Site Scripting via Prototype Pollution

CVE-2023-3933 MEDIUM

Your Journey < 1.9.8 - Unauthenticated Reflected Cross-Site Scripting via Prototype Pollution

CVE-2023-45811 HIGH

Synchrony < 2.4.4 - Prototype Pollution via LiteralMap Transformer

CVE-2023-45282 HIGH

NASA Open MCT < 3.1.0 - Prototype Pollution via Import Action

CVE-2023-38894 CRITICAL

tree-kit < 0.7.4 - Prototype Pollution via extend Function

Previous Page 9 of 21 Next

Details

Vulnerabilities 501

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy