Common Weakness Enumeration

CWE-1321

Allowed

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Abstraction: Variant · Status: Incomplete

The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.

779 vulnerabilities reference this CWE, most recent first.

CVE-2023-39296 (GCVE-0-2023-39296)

Vulnerability from cvelistv5 – Published: 2024-01-05 16:19 – Updated: 2025-06-03 14:41
VLAI
Title
QTS, QuTS hero
Summary
A prototype pollution vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to override existing attributes with ones that have incompatible type, which may lead to a crash via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QuTS hero h5.1.3.2578 build 20231110 and later
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
QNAP Systems Inc. QTS Affected: 5.1.x , < 5.1.3.2578 build 20231110 (custom)
Create a notification for this product.
QNAP Systems Inc. QuTS hero Affected: h5.1.x , < h5.1.3.2578 build 20231110 (custom)
Create a notification for this product.
Credits
Anonymous working with SSD Secure Disclosure
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T18:02:06.912Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.qnap.com/en/security-advisory/qsa-23-64"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-39296",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-08T18:43:51.275557Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-03T14:41:20.050Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "QTS",
          "vendor": "QNAP Systems Inc.",
          "versions": [
            {
              "lessThan": "5.1.3.2578 build 20231110",
              "status": "affected",
              "version": "5.1.x",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "QuTS hero",
          "vendor": "QNAP Systems Inc.",
          "versions": [
            {
              "lessThan": "h5.1.3.2578 build 20231110",
              "status": "affected",
              "version": "h5.1.x",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Anonymous working with SSD Secure Disclosure"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A prototype pollution vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to override existing attributes with ones that have incompatible type, which may lead to a crash via a network.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following versions:\u003cbr\u003eQTS 5.1.3.2578 build 20231110 and later\u003cbr\u003eQuTS hero h5.1.3.2578 build 20231110 and later\u003cbr\u003e"
            }
          ],
          "value": "A prototype pollution vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to override existing attributes with ones that have incompatible type, which may lead to a crash via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.3.2578 build 20231110 and later\nQuTS hero h5.1.3.2578 build 20231110 and later\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-77",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-77"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1321",
              "description": "CWE-1321",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-05T16:19:20.645Z",
        "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "shortName": "qnap"
      },
      "references": [
        {
          "url": "https://www.qnap.com/en/security-advisory/qsa-23-64"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "We have already fixed the vulnerability in the following versions:\u003cbr\u003eQTS 5.1.3.2578 build 20231110 and later\u003cbr\u003eQuTS hero h5.1.3.2578 build 20231110 and later\u003cbr\u003e"
            }
          ],
          "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.1.3.2578 build 20231110 and later\nQuTS hero h5.1.3.2578 build 20231110 and later\n"
        }
      ],
      "source": {
        "advisory": "QSA-23-64",
        "discovery": "EXTERNAL"
      },
      "title": "QTS, QuTS hero",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
    "assignerShortName": "qnap",
    "cveId": "CVE-2023-39296",
    "datePublished": "2024-01-05T16:19:20.645Z",
    "dateReserved": "2023-07-27T06:46:01.476Z",
    "dateUpdated": "2025-06-03T14:41:20.050Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-36475 (GCVE-0-2023-36475)

Vulnerability from cvelistv5 – Published: 2023-06-28 22:32 – Updated: 2024-11-27 14:44
VLAI
Title
Parse Server vulnerable to remote code execution via MongoDB BSON parser through prototype pollution
Summary
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 5.5.2 and 6.2.1, an attacker can use a prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser. A patch is available in versions 5.5.2 and 6.2.1.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Assigner
Impacted products
Vendor Product Version
parse-community parse-server Affected: < 5.5.2
Affected: >= 6.0.0, < 6.2.1
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T16:45:57.041Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/parse-community/parse-server/security/advisories/GHSA-462x-c3jw-7vr6",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-462x-c3jw-7vr6"
          },
          {
            "name": "https://github.com/parse-community/parse-server/issues/8674",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/parse-community/parse-server/issues/8674"
          },
          {
            "name": "https://github.com/parse-community/parse-server/issues/8675",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/parse-community/parse-server/issues/8675"
          },
          {
            "name": "https://github.com/parse-community/parse-server/commit/3dd99dd80e27e5e1d99b42844180546d90c7aa90",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/parse-community/parse-server/commit/3dd99dd80e27e5e1d99b42844180546d90c7aa90"
          },
          {
            "name": "https://github.com/parse-community/parse-server/commit/5fad2928fb8ee17304abcdcf259932f827d8c81f",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/parse-community/parse-server/commit/5fad2928fb8ee17304abcdcf259932f827d8c81f"
          },
          {
            "name": "https://github.com/parse-community/parse-server/releases/tag/5.5.2",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/parse-community/parse-server/releases/tag/5.5.2"
          },
          {
            "name": "https://github.com/parse-community/parse-server/releases/tag/6.2.1",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/parse-community/parse-server/releases/tag/6.2.1"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-36475",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-27T14:43:51.427204Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-27T14:44:09.330Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "parse-server",
          "vendor": "parse-community",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 5.5.2"
            },
            {
              "status": "affected",
              "version": "\u003e= 6.0.0, \u003c 6.2.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 5.5.2 and 6.2.1, an attacker can use a prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser. A patch is available in versions 5.5.2 and 6.2.1."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1321",
              "description": "CWE-1321: Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-28T22:32:10.081Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/parse-community/parse-server/security/advisories/GHSA-462x-c3jw-7vr6",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-462x-c3jw-7vr6"
        },
        {
          "name": "https://github.com/parse-community/parse-server/issues/8674",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/parse-community/parse-server/issues/8674"
        },
        {
          "name": "https://github.com/parse-community/parse-server/issues/8675",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/parse-community/parse-server/issues/8675"
        },
        {
          "name": "https://github.com/parse-community/parse-server/commit/3dd99dd80e27e5e1d99b42844180546d90c7aa90",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/parse-community/parse-server/commit/3dd99dd80e27e5e1d99b42844180546d90c7aa90"
        },
        {
          "name": "https://github.com/parse-community/parse-server/commit/5fad2928fb8ee17304abcdcf259932f827d8c81f",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/parse-community/parse-server/commit/5fad2928fb8ee17304abcdcf259932f827d8c81f"
        },
        {
          "name": "https://github.com/parse-community/parse-server/releases/tag/5.5.2",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/parse-community/parse-server/releases/tag/5.5.2"
        },
        {
          "name": "https://github.com/parse-community/parse-server/releases/tag/6.2.1",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/parse-community/parse-server/releases/tag/6.2.1"
        }
      ],
      "source": {
        "advisory": "GHSA-462x-c3jw-7vr6",
        "discovery": "UNKNOWN"
      },
      "title": "Parse Server vulnerable to remote code execution via MongoDB BSON parser through prototype pollution"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-36475",
    "datePublished": "2023-06-28T22:32:10.081Z",
    "dateReserved": "2023-06-21T18:50:41.703Z",
    "dateUpdated": "2024-11-27T14:44:09.330Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-32305 (GCVE-0-2023-32305)

Vulnerability from cvelistv5 – Published: 2023-05-12 18:46 – Updated: 2025-02-13 16:50
VLAI
Title
aiven-extras PostgreSQL Privilege Escalation Through Overloaded Search Path
Summary
aiven-extras is a PostgreSQL extension. Versions prior to 1.1.9 contain a privilege escalation vulnerability, allowing elevation to superuser inside PostgreSQL databases that use the aiven-extras package. The vulnerability leverages missing schema qualifiers on privileged functions called by the aiven-extras extension. A low privileged user can create objects that collide with existing function names, which will then be executed instead. Exploiting this vulnerability could allow a low privileged user to acquire `superuser` privileges, which would allow full, unrestricted access to all data and database functions. And could lead to arbitrary code execution or data access on the underlying host as the `postgres` user. The issue has been patched as of version 1.1.9.
CWE
  • CWE-20 - Improper Input Validation
  • CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Assigner
Impacted products
Vendor Product Version
aiven aiven-extras Affected: < 1.1.9
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T15:10:24.467Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/aiven/aiven-extras/security/advisories/GHSA-7r4w-fw4h-67gp",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/aiven/aiven-extras/security/advisories/GHSA-7r4w-fw4h-67gp"
          },
          {
            "name": "https://github.com/aiven/aiven-extras/commit/8682ae01bec0791708bf25791786d776e2fb0250",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/aiven/aiven-extras/commit/8682ae01bec0791708bf25791786d776e2fb0250"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230616-0006/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "aiven-extras",
          "vendor": "aiven",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.1.9"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "aiven-extras is a PostgreSQL extension. Versions prior to 1.1.9 contain a privilege escalation vulnerability, allowing elevation to superuser inside PostgreSQL databases that use the aiven-extras package. The vulnerability leverages missing schema qualifiers on privileged functions called by the aiven-extras extension. A low privileged user can create objects that collide with existing function names, which will then be executed instead. Exploiting this vulnerability could allow a low privileged user to acquire `superuser` privileges, which would allow full, unrestricted access to all data and database functions. And could lead to arbitrary code execution or data access on the underlying host as the `postgres` user. The issue has been patched as of version 1.1.9."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-1321",
              "description": "CWE-1321: Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-16T14:06:19.638Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/aiven/aiven-extras/security/advisories/GHSA-7r4w-fw4h-67gp",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/aiven/aiven-extras/security/advisories/GHSA-7r4w-fw4h-67gp"
        },
        {
          "name": "https://github.com/aiven/aiven-extras/commit/8682ae01bec0791708bf25791786d776e2fb0250",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/aiven/aiven-extras/commit/8682ae01bec0791708bf25791786d776e2fb0250"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230616-0006/"
        }
      ],
      "source": {
        "advisory": "GHSA-7r4w-fw4h-67gp",
        "discovery": "UNKNOWN"
      },
      "title": "aiven-extras PostgreSQL Privilege Escalation Through Overloaded Search Path"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-32305",
    "datePublished": "2023-05-12T18:46:55.995Z",
    "dateReserved": "2023-05-08T13:26:03.877Z",
    "dateUpdated": "2025-02-13T16:50:30.580Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-30857 (GCVE-0-2023-30857)

Vulnerability from cvelistv5 – Published: 2023-04-28 20:37 – Updated: 2025-01-30 19:50
VLAI
Title
@aedart/support possibly vulnerable to prototype pollution in metadata record, when using meta decorator
Summary
@aedart/support is the support package for Ion, a monorepo for JavaScript/TypeScript packages. Prior to version `0.6.1`, there is a possible prototype pollution issue for the `MetadataRecord`, when merged with a base class' metadata object, in `meta` decorator from the `@aedart/support` package. The likelihood of exploitation is questionable, given that a class's metadata can only be set or altered when the class is decorated via `meta()`. Furthermore, object(s) of sensitive nature would have to be stored as metadata, before this can lead to a security impact. The issue has been patched in version `0.6.1`.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Assigner
References
Impacted products
Vendor Product Version
aedart ion Affected: < 0.6.1
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:37:15.508Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/aedart/ion/security/advisories/GHSA-wwxh-74fx-33c6",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/aedart/ion/security/advisories/GHSA-wwxh-74fx-33c6"
          },
          {
            "name": "https://github.com/aedart/ion/commit/c3e2ee08710d4164d796ecb66ed291335dae9291",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/aedart/ion/commit/c3e2ee08710d4164d796ecb66ed291335dae9291"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-30857",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-30T19:50:08.558162Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-30T19:50:17.148Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ion",
          "vendor": "aedart",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.6.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "@aedart/support is the support package for Ion, a monorepo for JavaScript/TypeScript packages. Prior to version `0.6.1`, there is a possible prototype pollution issue for the `MetadataRecord`, when merged with a base class\u0027 metadata object, in `meta` decorator from the `@aedart/support` package. The likelihood of exploitation is questionable, given that a class\u0027s metadata can only be set or altered when the class is decorated via `meta()`. Furthermore, object(s) of sensitive nature would have to be stored as metadata, before this can lead to a security impact. The issue has been patched in version `0.6.1`.\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1321",
              "description": "CWE-1321: Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-28T20:37:41.391Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/aedart/ion/security/advisories/GHSA-wwxh-74fx-33c6",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/aedart/ion/security/advisories/GHSA-wwxh-74fx-33c6"
        },
        {
          "name": "https://github.com/aedart/ion/commit/c3e2ee08710d4164d796ecb66ed291335dae9291",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/aedart/ion/commit/c3e2ee08710d4164d796ecb66ed291335dae9291"
        }
      ],
      "source": {
        "advisory": "GHSA-wwxh-74fx-33c6",
        "discovery": "UNKNOWN"
      },
      "title": "@aedart/support possibly vulnerable to prototype pollution in metadata record, when using meta decorator"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-30857",
    "datePublished": "2023-04-28T20:37:41.391Z",
    "dateReserved": "2023-04-18T16:13:15.882Z",
    "dateUpdated": "2025-01-30T19:50:17.148Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-28427 (GCVE-0-2023-28427)

Vulnerability from cvelistv5 – Published: 2023-03-28 20:32 – Updated: 2025-02-18 20:03
VLAI
Title
Prototype pollution in matrix-js-sdk
Summary
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 24.0.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the matrix-js-sdk can appear to be operating normally but be excluding or corrupting runtime data presented to the consumer. This vulnerability is distinct from GHSA-rfv9-x7hh-xc32 which covers a similar issue. The issue has been patched in matrix-js-sdk 24.0.0 and users are advised to upgrade. There are no known workarounds for this vulnerability.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Assigner
Impacted products
Vendor Product Version
matrix-org matrix-js-sdk Affected: < 24.0.0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T12:38:25.414Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-mwq8-fjpf-c2gr",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-mwq8-fjpf-c2gr"
          },
          {
            "name": "https://matrix.org/blog/2023/03/28/security-releases-matrix-js-sdk-24-0-0-and-matrix-react-sdk-3-69-0",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://matrix.org/blog/2023/03/28/security-releases-matrix-js-sdk-24-0-0-and-matrix-react-sdk-3-69-0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5392"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00027.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202305-36"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-28427",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-18T20:03:37.180251Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-18T20:03:47.555Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "matrix-js-sdk",
          "vendor": "matrix-org",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 24.0.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 24.0.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer\u0027s ability to process data safely. Note that the matrix-js-sdk can appear to be operating normally but be excluding or corrupting runtime data presented to the consumer. This vulnerability is distinct from GHSA-rfv9-x7hh-xc32 which covers a similar issue. The issue has been patched in matrix-js-sdk 24.0.0 and users are advised to upgrade. There are no known workarounds for this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1321",
              "description": "CWE-1321: Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-30T05:09:23.758Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-mwq8-fjpf-c2gr",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-mwq8-fjpf-c2gr"
        },
        {
          "name": "https://matrix.org/blog/2023/03/28/security-releases-matrix-js-sdk-24-0-0-and-matrix-react-sdk-3-69-0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://matrix.org/blog/2023/03/28/security-releases-matrix-js-sdk-24-0-0-and-matrix-react-sdk-3-69-0"
        },
        {
          "url": "https://www.debian.org/security/2023/dsa-5392"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00027.html"
        },
        {
          "url": "https://security.gentoo.org/glsa/202305-36"
        }
      ],
      "source": {
        "advisory": "GHSA-mwq8-fjpf-c2gr",
        "discovery": "UNKNOWN"
      },
      "title": "Prototype pollution in matrix-js-sdk"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-28427",
    "datePublished": "2023-03-28T20:32:22.116Z",
    "dateReserved": "2023-03-15T15:59:10.050Z",
    "dateUpdated": "2025-02-18T20:03:47.555Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-28103 (GCVE-0-2023-28103)

Vulnerability from cvelistv5 – Published: 2023-03-28 20:37 – Updated: 2025-02-18 17:26
VLAI
Title
Prototype pollution in matrix-react-sdk
Summary
matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. In certain configurations, data sent by remote servers containing special strings in key locations could cause modifications of the `Object.prototype`, disrupting matrix-react-sdk functionality, causing denial of service and potentially affecting program logic. This is fixed in matrix-react-sdk 3.69.0 and users are advised to upgrade. There are no known workarounds for this vulnerability. Note this advisory is distinct from GHSA-2x9c-qwgf-94xr which refers to a similar issue.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Assigner
References
Impacted products
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T12:30:24.072Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/matrix-org/matrix-react-sdk/security/advisories/GHSA-6g43-88cp-w5gv",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/matrix-org/matrix-react-sdk/security/advisories/GHSA-6g43-88cp-w5gv"
          },
          {
            "name": "https://matrix.org/blog/2023/03/28/security-releases-matrix-js-sdk-24-0-0-and-matrix-react-sdk-3-69-0",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://matrix.org/blog/2023/03/28/security-releases-matrix-js-sdk-24-0-0-and-matrix-react-sdk-3-69-0"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-28103",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-18T17:26:21.320678Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-18T17:26:55.589Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "matrix-react-sdk",
          "vendor": "matrix-org",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.69.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. In certain configurations, data sent by remote servers containing special strings in key locations could cause modifications of the `Object.prototype`, disrupting matrix-react-sdk functionality, causing denial of service and potentially affecting program logic. This is fixed in matrix-react-sdk 3.69.0 and users are advised to upgrade. There are no known workarounds for this vulnerability. Note this advisory is distinct from GHSA-2x9c-qwgf-94xr which refers to a similar issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1321",
              "description": "CWE-1321: Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-28T20:37:24.288Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/matrix-org/matrix-react-sdk/security/advisories/GHSA-6g43-88cp-w5gv",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/matrix-org/matrix-react-sdk/security/advisories/GHSA-6g43-88cp-w5gv"
        },
        {
          "name": "https://matrix.org/blog/2023/03/28/security-releases-matrix-js-sdk-24-0-0-and-matrix-react-sdk-3-69-0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://matrix.org/blog/2023/03/28/security-releases-matrix-js-sdk-24-0-0-and-matrix-react-sdk-3-69-0"
        }
      ],
      "source": {
        "advisory": "GHSA-6g43-88cp-w5gv",
        "discovery": "UNKNOWN"
      },
      "title": "Prototype pollution in matrix-react-sdk"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-28103",
    "datePublished": "2023-03-28T20:37:24.288Z",
    "dateReserved": "2023-03-10T18:34:29.226Z",
    "dateUpdated": "2025-02-18T17:26:55.589Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-6293 (GCVE-0-2023-6293)

Vulnerability from cvelistv5 – Published: 2023-11-24 19:51 – Updated: 2024-08-02 08:28
VLAI
Title
Prototype Pollution in robinbuschmann/sequelize-typescript
Summary
Prototype Pollution in GitHub repository robinbuschmann/sequelize-typescript prior to 2.1.6.
CWE
  • CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Assigner
Impacted products
Vendor Product Version
robinbuschmann robinbuschmann/sequelize-typescript Affected: unspecified , < 2.1.6 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:28:21.695Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://huntr.com/bounties/36a7ecbf-4d3d-462e-86a3-cda7b1ec64e2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/robinbuschmann/sequelize-typescript/commit/5ce8afdd1671b08c774ce106b000605ba8fccf78"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "robinbuschmann/sequelize-typescript",
          "vendor": "robinbuschmann",
          "versions": [
            {
              "lessThan": "2.1.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Prototype Pollution in GitHub repository robinbuschmann/sequelize-typescript prior to 2.1.6."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1321",
              "description": "CWE-1321 Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-24T19:51:55.099Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntr_ai"
      },
      "references": [
        {
          "url": "https://huntr.com/bounties/36a7ecbf-4d3d-462e-86a3-cda7b1ec64e2"
        },
        {
          "url": "https://github.com/robinbuschmann/sequelize-typescript/commit/5ce8afdd1671b08c774ce106b000605ba8fccf78"
        }
      ],
      "source": {
        "advisory": "36a7ecbf-4d3d-462e-86a3-cda7b1ec64e2",
        "discovery": "EXTERNAL"
      },
      "title": "Prototype Pollution in robinbuschmann/sequelize-typescript"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntr_ai",
    "cveId": "CVE-2023-6293",
    "datePublished": "2023-11-24T19:51:55.099Z",
    "dateReserved": "2023-11-24T19:51:40.808Z",
    "dateUpdated": "2024-08-02T08:28:21.695Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-3696 (GCVE-0-2023-3696)

Vulnerability from cvelistv5 – Published: 2023-07-17 00:00 – Updated: 2024-10-30 14:16
VLAI
Title
Prototype Pollution in automattic/mongoose
Summary
Prototype Pollution in GitHub repository automattic/mongoose prior to 7.3.4.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Assigner
Impacted products
Vendor Product Version
automattic automattic/mongoose Affected: unspecified , < 7.3.4 (custom)
Create a notification for this product.
mongoosejs mongoose Affected: 0 , < 7.3.4 (custom)
    cpe:2.3:a:mongoosejs:mongoose:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:01:57.352Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/1eef5a72-f6ab-4f61-b31d-fc66f5b4b467"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/automattic/mongoose/commit/305ce4ff789261df7e3f6e72363d0703e025f80d"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:mongoosejs:mongoose:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mongoose",
            "vendor": "mongoosejs",
            "versions": [
              {
                "lessThan": "7.3.4",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-3696",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-30T14:09:03.399828Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-30T14:16:54.986Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "automattic/mongoose",
          "vendor": "automattic",
          "versions": [
            {
              "lessThan": "7.3.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Prototype Pollution in GitHub repository automattic/mongoose prior to 7.3.4."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1321",
              "description": "CWE-1321 Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-17T00:00:21.160Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "url": "https://huntr.dev/bounties/1eef5a72-f6ab-4f61-b31d-fc66f5b4b467"
        },
        {
          "url": "https://github.com/automattic/mongoose/commit/305ce4ff789261df7e3f6e72363d0703e025f80d"
        }
      ],
      "source": {
        "advisory": "1eef5a72-f6ab-4f61-b31d-fc66f5b4b467",
        "discovery": "EXTERNAL"
      },
      "title": "Prototype Pollution in automattic/mongoose"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2023-3696",
    "datePublished": "2023-07-17T00:00:21.160Z",
    "dateReserved": "2023-07-17T00:00:07.556Z",
    "dateUpdated": "2024-10-30T14:16:54.986Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-2972 (GCVE-0-2023-2972)

Vulnerability from cvelistv5 – Published: 2023-05-30 00:00 – Updated: 2025-01-10 18:53
VLAI
Title
Prototype Pollution in antfu/utils
Summary
Prototype Pollution in GitHub repository antfu/utils prior to 0.7.3.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Assigner
Impacted products
Vendor Product Version
antfu antfu/utils Affected: unspecified , < 0.7.3 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:41:03.932Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/009f1cd9-401c-49a7-bd08-be35cff6faef"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/antfu/utils/commit/7f8b16c6181c988bdb96613fbb2533b345f68682"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-2972",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-10T18:52:53.314998Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-10T18:53:01.436Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "antfu/utils",
          "vendor": "antfu",
          "versions": [
            {
              "lessThan": "0.7.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Prototype Pollution in GitHub repository antfu/utils prior to 0.7.3."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1321",
              "description": "CWE-1321 Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-30T00:00:00.000Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "url": "https://huntr.dev/bounties/009f1cd9-401c-49a7-bd08-be35cff6faef"
        },
        {
          "url": "https://github.com/antfu/utils/commit/7f8b16c6181c988bdb96613fbb2533b345f68682"
        }
      ],
      "source": {
        "advisory": "009f1cd9-401c-49a7-bd08-be35cff6faef",
        "discovery": "EXTERNAL"
      },
      "title": "Prototype Pollution in antfu/utils"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2023-2972",
    "datePublished": "2023-05-30T00:00:00.000Z",
    "dateReserved": "2023-05-30T00:00:00.000Z",
    "dateUpdated": "2025-01-10T18:53:01.436Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-1717 (GCVE-0-2023-1717)

Vulnerability from cvelistv5 – Published: 2023-11-01 09:03 – Updated: 2024-09-05 19:45
VLAI
Title
Bitrix24 Cross-Site Scripting (XSS) via Client-side Prototype Pollution
Summary
Prototype pollution in bitrix/templates/bitrix24/components/bitrix/menu/left_vertical/script.js in Bitrix24 22.0.300 allows remote attackers to execute arbitrary JavaScript code in the victim’s browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via polluting `__proto__[tag]` and `__proto__[text]`.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • CWE-1321 - Prototype Pollution
Assigner
References
URL Tags
https://starlabs.sg/advisories/23/23-1717/ third-party-advisory
Impacted products
Vendor Product Version
Bitrix24 Bitrix24 Affected: 0 , ≤ 22.0.300 (custom)
Create a notification for this product.
Credits
Lam Jun Rong & Li Jiantao of STAR Labs SG Pte. Ltd. (@starlabs_sg)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:57:25.014Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://starlabs.sg/advisories/23/23-1717/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-1717",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-05T19:45:20.621150Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-05T19:45:36.920Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Bitrix24",
          "programFiles": [
            "file:bitrix/templates/bitrix24/components/bitrix/menu/left_vertical/script.js",
            "file:bitrix/js/main/core/core.js"
          ],
          "vendor": "Bitrix24",
          "versions": [
            {
              "lessThanOrEqual": "22.0.300",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Lam Jun Rong \u0026 Li Jiantao of STAR Labs SG Pte. Ltd. (@starlabs_sg)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cdiv\u003e\u003cdiv\u003ePrototype pollution in bitrix/templates/bitrix24/components/bitrix/menu/left_vertical/script.js in Bitrix24 22.0.300 allows remote attackers to execute arbitrary JavaScript code in the victim\u2019s browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via polluting `__proto__[tag]` and `__proto__[text]`.\u003c/div\u003e\u003c/div\u003e\n\n"
            }
          ],
          "value": "\nPrototype pollution in bitrix/templates/bitrix24/components/bitrix/menu/left_vertical/script.js in Bitrix24 22.0.300 allows remote attackers to execute arbitrary JavaScript code in the victim\u2019s browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via polluting `__proto__[tag]` and `__proto__[text]`.\n\n\n\n\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-588",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-588 DOM-Based XSS"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.6,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-1321",
              "description": "CWE-1321 Prototype Pollution",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-01T09:03:46.376Z",
        "orgId": "b1571b85-cbc9-431f-830b-0c8155323a69",
        "shortName": "STAR_Labs"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://starlabs.sg/advisories/23/23-1717/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Bitrix24 Cross-Site Scripting (XSS) via Client-side Prototype Pollution",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b1571b85-cbc9-431f-830b-0c8155323a69",
    "assignerShortName": "STAR_Labs",
    "cveId": "CVE-2023-1717",
    "datePublished": "2023-11-01T09:03:46.376Z",
    "dateReserved": "2023-03-30T09:17:02.993Z",
    "dateUpdated": "2024-09-05T19:45:36.920Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation
Implementation

By freezing the object prototype first (for example, Object.freeze(Object.prototype)), modification of the prototype becomes impossible.

Mitigation
Architecture and Design

By blocking modifications of attributes that resolve to object prototype, such as proto or prototype, this weakness can be mitigated.

Mitigation
Implementation

Strategy: Input Validation

When handling untrusted objects, validating using a schema can be used.

Mitigation
Implementation

By using an object without prototypes (via Object.create(null) ), adding object prototype attributes by accessing the prototype via the special attributes becomes impossible, mitigating this weakness.

Mitigation
Implementation

Map can be used instead of objects in most cases. If Map methods are used instead of object attributes, it is not possible to access the object prototype or modify it.

CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs

In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application's functionality; particularly URL's for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to.

CAPEC-180: Exploiting Incorrectly Configured Access Control Security Levels

An attacker exploits a weakness in the configuration of access controls and is able to bypass the intended protection that these measures guard against and thereby obtain unauthorized access to the system or network. Sensitive functionality should always be protected with access controls. However configuring all but the most trivial access control systems can be very complicated and there are many opportunities for mistakes. If an attacker can learn of incorrectly configured access security settings, they may be able to exploit this in an attack.

CAPEC-77: Manipulating User-Controlled Variables

This attack targets user controlled variables (DEBUG=1, PHP Globals, and So Forth). An adversary can override variables leveraging user-supplied, untrusted query variables directly used on the application server without any data sanitization. In extreme cases, the adversary can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.