Common Weakness Enumeration

CWE-1321

Allowed

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Abstraction: Variant · Status: Incomplete

The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.

782 vulnerabilities reference this CWE, most recent first.

GHSA-87QP-7CW8-8Q9C

Vulnerability from github – Published: 2024-03-25 06:30 – Updated: 2024-03-27 21:57
VLAI
Summary
Duplicate Advisory: web3-utils Prototype Pollution vulnerability
Details

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-2g4c-8fpm-c46v. This link is maintained to preserve external references.

Original Description

Versions of the package web3-utils before 4.2.1 are vulnerable to Prototype Pollution via the utility functions format and mergeDeep, due to insecure recursive merge. An attacker can manipulate an object's prototype, potentially leading to the alteration of the behavior of all objects inheriting from the affected prototype by passing specially crafted input to these functions.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "web3-utils"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.2.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-03-25T19:36:43Z",
    "nvd_published_at": "2024-03-25T05:15:50Z",
    "severity": "HIGH"
  },
  "details": "## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-2g4c-8fpm-c46v. This link is maintained to preserve external references.\n\n## Original Description\nVersions of the package web3-utils before 4.2.1 are vulnerable to Prototype Pollution via the utility functions format and mergeDeep, due to insecure recursive merge.\nAn attacker can manipulate an object\u0027s prototype, potentially leading to the alteration of the behavior of all objects inheriting from the affected prototype by passing specially crafted input to these functions.",
  "id": "GHSA-87qp-7cw8-8q9c",
  "modified": "2024-03-27T21:57:36Z",
  "published": "2024-03-25T06:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21505"
    },
    {
      "type": "WEB",
      "url": "https://github.com/web3/web3.js/commit/8ed041c6635d807b3da8960ad49e125e3d1b0e80"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/web3/web3.js"
    },
    {
      "type": "WEB",
      "url": "https://security.snyk.io/vuln/SNYK-JS-WEB3UTILS-6229337"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Duplicate Advisory: web3-utils Prototype Pollution vulnerability",
  "withdrawn": "2024-03-27T21:57:36Z"
}

GHSA-88VR-HJQX-57QH

Vulnerability from github – Published: 2024-07-01 15:32 – Updated: 2024-07-03 20:04
VLAI
Summary
adolph_dudu ratio-swiper was discovered to contain a prototype pollution via the function extendDefaults
Details

adolph_dudu ratio-swiper v0.0.2 was discovered to contain a prototype pollution via the function extendDefaults. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@adolph_dudu/ratio-swiper"
      },
      "versions": [
        "0.0.2"
      ]
    }
  ],
  "aliases": [
    "CVE-2024-38997"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-07-01T22:34:44Z",
    "nvd_published_at": "2024-07-01T13:15:05Z",
    "severity": "MODERATE"
  },
  "details": "adolph_dudu ratio-swiper v0.0.2 was discovered to contain a prototype pollution via the function extendDefaults. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.",
  "id": "GHSA-88vr-hjqx-57qh",
  "modified": "2024-07-03T20:04:00Z",
  "published": "2024-07-01T15:32:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38997"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/mestrtee/840f5d160aab4151bd0451cfb822e6b5"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/Adophlidu/swiper"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "adolph_dudu ratio-swiper was discovered to contain a prototype pollution via the function extendDefaults"
}

GHSA-896R-F27R-55MW

Vulnerability from github – Published: 2021-11-19 20:16 – Updated: 2025-01-17 21:31
VLAI
Summary
json-schema is vulnerable to Prototype Pollution
Details

json-schema before version 0.4.0 is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution').

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "json-schema"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.4.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-3918"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321",
      "CWE-915"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-11-15T22:44:27Z",
    "nvd_published_at": "2021-11-13T09:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "json-schema before version 0.4.0 is vulnerable to Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027).",
  "id": "GHSA-896r-f27r-55mw",
  "modified": "2025-01-17T21:31:38Z",
  "published": "2021-11-19T20:16:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3918"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kriszyp/json-schema/commit/b62f1da1ff5442f23443d6be6a92d00e65cba93a"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kriszyp/json-schema/commit/f6f6a3b02d667aa4ba2d5d50cc19208c4462abfa"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/kriszyp/json-schema"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/bb6ccd63-f505-4e3a-b55f-cd2662c261a9"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00013.html"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20250117-0004"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "json-schema is vulnerable to Prototype Pollution"
}

GHSA-897M-RJF5-JP39

Vulnerability from github – Published: 2022-01-06 20:35 – Updated: 2021-03-24 23:59
VLAI
Summary
Prototype Pollution in copy-props
Details

The package copy-props before 2.0.5 are vulnerable to Prototype Pollution via the main functionality.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "copy-props"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.0.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-28503"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-03-24T23:59:08Z",
    "nvd_published_at": "2021-03-23T10:15:00Z",
    "severity": "HIGH"
  },
  "details": "The package copy-props before 2.0.5 are vulnerable to Prototype Pollution via the main functionality.",
  "id": "GHSA-897m-rjf5-jp39",
  "modified": "2021-03-24T23:59:08Z",
  "published": "2022-01-06T20:35:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28503"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gulpjs/copy-props/pull/7"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gulpjs/copy-props/commit/2c738f5c52cfb384b43d977a56a3ab7ce465df9b"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1088047"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-JS-COPYPROPS-1082870"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Prototype Pollution in copy-props"
}

GHSA-898C-Q2CR-XWHG

Vulnerability from github – Published: 2026-05-29 15:54 – Updated: 2026-06-12 19:25
VLAI
Summary
axios has DoS & Header Injection via Prototype Pollution Read-Side Gadgets in axios merge functions
Details

Summary

axios 1.15.2 exposes two read-side prototype-pollution gadgets. When Object.prototype is polluted by an upstream dependency in the same process (e.g. lodash _.merge / CVE-2018-16487), axios silently picks up the polluted values:

  1. Header injection - lib/utils.js line 406 builds merge()'s accumulator as result = {}, so result[targetKey] (line 414) walks Object.prototype and the polluted bucket's own keys are copied into the merged headers and ride out on the wire.
  2. Crash DoS - lib/core/mergeConfig.js line 26 builds the hasOwnProperty descriptor as a plain-object literal. Object.defineProperty reads descriptor.get/descriptor.set via the prototype chain, so a polluted Object.prototype.get or Object.prototype.set makes the call throw TypeError synchronously on every axios request.

Affected Properties

Polluted slot Effect
Object.prototype.common injects headers on every method
Object.prototype.delete / .head / .post / .put / .patch / .query injects headers on the matching method
Object.prototype.get every axios request throws TypeError: Getter must be a function from mergeConfig.js:26
Object.prototype.set every axios request throws TypeError: Setter must be a function from mergeConfig.js:26

Per-request headers (axios.request(url, { headers: {...} })) overwrite polluted entries. Polluting Object.prototype.get triggers the crash before any header is built.

Proof of Concept

const axios = require('axios');

// Finding A - header injection
Object.prototype.common = { 'X-Poisoned': 'yes' };
await axios.get('http://api.example.com/users');
// Wire request carries `X-Poisoned: yes`.

// Finding B - crash DoS
Object.prototype.get = { something: 'anything' };
await axios.get('http://api.example.com/users');
// TypeError: Getter must be a function: #<Object>
//     at Function.defineProperty (<anonymous>)
//     at mergeConfig (lib/core/mergeConfig.js:26:10)

Impact

  • Server hang (Content-Length: 99999): receiver waits for a body that never arrives. Affects requests with a body.
  • CL+TE conflict (Transfer-Encoding: chunked rides alongside axios's auto Content-Length): receiver rejects with 400 Bad Request. Affects requests with a body.
  • Response suppression (If-None-Match: *): receiver returns empty 304 Not Modified. Affects GET / HEAD.
  • Crash DoS (Object.prototype.get / .set): every axios request fails synchronously with TypeError, not AxiosError, so handlers filtering on error.isAxiosError mishandle the failure.

Attack Flow

flowchart TD
    ROOT["Polluted Object.prototype<br/>via upstream gadget (e.g. lodash &lt;= 4.17.10 _.merge / CVE-2018-16487)<br/>axios &lt;= 1.15.2"]

    ROOT --> CLASS_A["A. Arbitrary HTTP Header Injection<br/>Polluted defaults.headers slot rides along on every outbound axios request"]
    ROOT --> CLASS_B["B. Crash DoS via Object.prototype.get / .set<br/>Polluted descriptor breaks Object.defineProperty in mergeConfig"]

    CLASS_A --> PRE_A["Precondition: header not set per-request by the app<br/>Injected via defaults.headers slot<br/>(common, delete, head, post, put, patch, query)"]

    PRE_A --> PA1["Response Suppression<br/>Trigger: common = {If-None-Match: *}<br/>Affects GET / HEAD"]
    PA1 --> SA1["DoS<br/>304 Not Modified empty"]

    PRE_A --> PA2["Server Hang<br/>Trigger: common = {Content-Length: 99999}<br/>Affects requests with body"]
    PA2 --> SA2["DoS<br/>connection hang"]

    PRE_A --> PA3["CL+TE Conflict<br/>Trigger: common = {Transfer-Encoding: chunked}<br/>Affects requests with body"]
    PA3 --> SA3["DoS<br/>400 Bad Request"]

    CLASS_B --> SB1["DoS<br/>TypeError: Getter / Setter must be a function<br/>Crashes every axios request, not only GET"]

    %% Styles
    style ROOT fill:#f87171,stroke:#991b1b,color:#fff
    style CLASS_A fill:#fb923c,stroke:#9a3412,color:#fff
    style CLASS_B fill:#fb923c,stroke:#9a3412,color:#fff
    style PRE_A fill:#e2e8f0,stroke:#64748b,color:#1e293b
    style PA1 fill:#fbbf24,stroke:#92400e,color:#000
    style PA2 fill:#fbbf24,stroke:#92400e,color:#000
    style PA3 fill:#fbbf24,stroke:#92400e,color:#000
    style SA1 fill:#ef4444,stroke:#991b1b,color:#fff
    style SA2 fill:#ef4444,stroke:#991b1b,color:#fff
    style SA3 fill:#ef4444,stroke:#991b1b,color:#fff
    style SB1 fill:#ef4444,stroke:#991b1b,color:#fff

Root Cause

Finding A. lib/utils.js:404-429's merge() creates result = {} at line 406. The dangerous-keys filter on lines 408-411 blocks the write side, but the read at line 414 (isPlainObject(result[targetKey])) still walks the prototype chain. When targetKey matches a polluted slot, result[targetKey] returns the polluted nested object, and the recursive merge(result[targetKey], val) on line 415 iterates that object's own keys via forEach and copies them as own properties into the new accumulator. Those keys flow through mergeConfig.js:35Axios.js:148 (utils.merge(headers.common, headers[config.method])) → Axios.js:155 (AxiosHeaders.concat(...)) → onto the wire via http.js:677 (headers: headers.toJSON()) → http.js:767 (transport.request(options, ...)).

Finding B. lib/core/mergeConfig.js:25 correctly makes config = Object.create(null), but the descriptor passed on line 26 is a plain-object literal - its get/set lookups walk Object.prototype. A polluted non-function Object.prototype.get or .set makes Object.defineProperty throw TypeError: Getter must be a function (or Setter must be a function) before the call returns. The descriptor is built unconditionally on every mergeConfig invocation, so every axios request throws - POST, PUT, DELETE, PATCH, HEAD, QUERY, not only GET.

Suggested Fix

Use null-prototype objects in place of the plain-object literals at lib/utils.js:406 and lib/core/mergeConfig.js:26-31. The same descriptor pattern recurs at lib/core/AxiosError.js:37, lib/core/AxiosHeaders.js:100, lib/utils.js:447/454/492/498, and lib/adapters/adapters.js:28/32.

Resources

  • CVE-2018-16487 - lodash.merge prototype pollution in lodash <= 4.17.10
  • CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "axios"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.0.0"
            },
            {
              "fixed": "1.16.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 0.31.1"
      },
      "package": {
        "ecosystem": "npm",
        "name": "axios"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.32.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-44490"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-29T15:54:57Z",
    "nvd_published_at": "2026-06-11T17:16:33Z",
    "severity": "MODERATE"
  },
  "details": "## Summary\n\naxios `1.15.2` exposes two read-side prototype-pollution gadgets. When `Object.prototype` is polluted by an upstream dependency in the same process (e.g. lodash `_.merge` / [CVE-2018-16487](https://nvd.nist.gov/vuln/detail/CVE-2018-16487)), axios silently picks up the polluted values:\n\n1. **Header injection** - `lib/utils.js` line 406 builds `merge()`\u0027s accumulator as `result = {}`, so `result[targetKey]` (line 414) walks `Object.prototype` and the polluted bucket\u0027s own keys are copied into the merged headers and ride out on the wire.\n2. **Crash DoS** - `lib/core/mergeConfig.js` line 26 builds the `hasOwnProperty` descriptor as a plain-object literal. `Object.defineProperty` reads `descriptor.get`/`descriptor.set` via the prototype chain, so a polluted `Object.prototype.get` or `Object.prototype.set` makes the call throw `TypeError` synchronously on every axios request.\n\n## Affected Properties\n\n| Polluted slot | Effect |\n|---|---|\n| `Object.prototype.common` | injects headers on every method |\n| `Object.prototype.delete` / `.head` / `.post` / `.put` / `.patch` / `.query` | injects headers on the matching method |\n| `Object.prototype.get` | every axios request throws `TypeError: Getter must be a function` from `mergeConfig.js:26` |\n| `Object.prototype.set` | every axios request throws `TypeError: Setter must be a function` from `mergeConfig.js:26` |\n\nPer-request headers (`axios.request(url, { headers: {...} })`) overwrite polluted entries. Polluting `Object.prototype.get` triggers the crash before any header is built.\n\n## Proof of Concept\n\n```javascript\nconst axios = require(\u0027axios\u0027);\n\n// Finding A - header injection\nObject.prototype.common = { \u0027X-Poisoned\u0027: \u0027yes\u0027 };\nawait axios.get(\u0027http://api.example.com/users\u0027);\n// Wire request carries `X-Poisoned: yes`.\n\n// Finding B - crash DoS\nObject.prototype.get = { something: \u0027anything\u0027 };\nawait axios.get(\u0027http://api.example.com/users\u0027);\n// TypeError: Getter must be a function: #\u003cObject\u003e\n//     at Function.defineProperty (\u003canonymous\u003e)\n//     at mergeConfig (lib/core/mergeConfig.js:26:10)\n```\n\n## Impact\n\n- **Server hang** (`Content-Length: 99999`): receiver waits for a body that never arrives. Affects requests with a body.\n- **CL+TE conflict** (`Transfer-Encoding: chunked` rides alongside axios\u0027s auto `Content-Length`): receiver rejects with `400 Bad Request`. Affects requests with a body.\n- **Response suppression** (`If-None-Match: *`): receiver returns empty `304 Not Modified`. Affects GET / HEAD.\n- **Crash DoS** (`Object.prototype.get` / `.set`): every axios request fails synchronously with `TypeError`, not `AxiosError`, so handlers filtering on `error.isAxiosError` mishandle the failure.\n\n## Attack Flow\n\n```mermaid\nflowchart TD\n    ROOT[\"Polluted Object.prototype\u003cbr/\u003evia upstream gadget (e.g. lodash \u0026lt;= 4.17.10 _.merge / CVE-2018-16487)\u003cbr/\u003eaxios \u0026lt;= 1.15.2\"]\n\n    ROOT --\u003e CLASS_A[\"A. Arbitrary HTTP Header Injection\u003cbr/\u003ePolluted defaults.headers slot rides along on every outbound axios request\"]\n    ROOT --\u003e CLASS_B[\"B. Crash DoS via Object.prototype.get / .set\u003cbr/\u003ePolluted descriptor breaks Object.defineProperty in mergeConfig\"]\n\n    CLASS_A --\u003e PRE_A[\"Precondition: header not set per-request by the app\u003cbr/\u003eInjected via defaults.headers slot\u003cbr/\u003e(common, delete, head, post, put, patch, query)\"]\n\n    PRE_A --\u003e PA1[\"Response Suppression\u003cbr/\u003eTrigger: common = {If-None-Match: *}\u003cbr/\u003eAffects GET / HEAD\"]\n    PA1 --\u003e SA1[\"DoS\u003cbr/\u003e304 Not Modified empty\"]\n\n    PRE_A --\u003e PA2[\"Server Hang\u003cbr/\u003eTrigger: common = {Content-Length: 99999}\u003cbr/\u003eAffects requests with body\"]\n    PA2 --\u003e SA2[\"DoS\u003cbr/\u003econnection hang\"]\n\n    PRE_A --\u003e PA3[\"CL+TE Conflict\u003cbr/\u003eTrigger: common = {Transfer-Encoding: chunked}\u003cbr/\u003eAffects requests with body\"]\n    PA3 --\u003e SA3[\"DoS\u003cbr/\u003e400 Bad Request\"]\n\n    CLASS_B --\u003e SB1[\"DoS\u003cbr/\u003eTypeError: Getter / Setter must be a function\u003cbr/\u003eCrashes every axios request, not only GET\"]\n\n    %% Styles\n    style ROOT fill:#f87171,stroke:#991b1b,color:#fff\n    style CLASS_A fill:#fb923c,stroke:#9a3412,color:#fff\n    style CLASS_B fill:#fb923c,stroke:#9a3412,color:#fff\n    style PRE_A fill:#e2e8f0,stroke:#64748b,color:#1e293b\n    style PA1 fill:#fbbf24,stroke:#92400e,color:#000\n    style PA2 fill:#fbbf24,stroke:#92400e,color:#000\n    style PA3 fill:#fbbf24,stroke:#92400e,color:#000\n    style SA1 fill:#ef4444,stroke:#991b1b,color:#fff\n    style SA2 fill:#ef4444,stroke:#991b1b,color:#fff\n    style SA3 fill:#ef4444,stroke:#991b1b,color:#fff\n    style SB1 fill:#ef4444,stroke:#991b1b,color:#fff\n```\n\n## Root Cause\n\n**Finding A.** `lib/utils.js:404-429`\u0027s `merge()` creates `result = {}` at line 406. The dangerous-keys filter on lines 408-411 blocks the write side, but the read at line 414 (`isPlainObject(result[targetKey])`) still walks the prototype chain. When `targetKey` matches a polluted slot, `result[targetKey]` returns the polluted nested object, and the recursive `merge(result[targetKey], val)` on line 415 iterates that object\u0027s own keys via `forEach` and copies them as own properties into the new accumulator. Those keys flow through `mergeConfig.js:35` \u2192 `Axios.js:148` (`utils.merge(headers.common, headers[config.method])`) \u2192 `Axios.js:155` (`AxiosHeaders.concat(...)`) \u2192 onto the wire via `http.js:677` (`headers: headers.toJSON()`) \u2192 `http.js:767` (`transport.request(options, ...)`).\n\n**Finding B.** `lib/core/mergeConfig.js:25` correctly makes `config = Object.create(null)`, but the descriptor passed on line 26 is a plain-object literal - its `get`/`set` lookups walk `Object.prototype`. A polluted non-function `Object.prototype.get` or `.set` makes `Object.defineProperty` throw `TypeError: Getter must be a function` (or `Setter must be a function`) before the call returns. The descriptor is built unconditionally on every `mergeConfig` invocation, so every axios request throws - POST, PUT, DELETE, PATCH, HEAD, QUERY, not only GET.\n\n## Suggested Fix\n\nUse null-prototype objects in place of the plain-object literals at `lib/utils.js:406` and `lib/core/mergeConfig.js:26-31`. The same descriptor pattern recurs at `lib/core/AxiosError.js:37`, `lib/core/AxiosHeaders.js:100`, `lib/utils.js:447/454/492/498`, and `lib/adapters/adapters.js:28/32`.\n\n## Resources\n\n- [CVE-2018-16487](https://nvd.nist.gov/vuln/detail/CVE-2018-16487) - `lodash.merge` prototype pollution in `lodash \u003c= 4.17.10`\n- [CWE-1321](https://cwe.mitre.org/data/definitions/1321.html) - Improperly Controlled Modification of Object Prototype Attributes",
  "id": "GHSA-898c-q2cr-xwhg",
  "modified": "2026-06-12T19:25:04Z",
  "published": "2026-05-29T15:54:57Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/axios/axios/security/advisories/GHSA-898c-q2cr-xwhg"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16487"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44490"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/axios/axios"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "axios has DoS \u0026 Header Injection via Prototype Pollution Read-Side Gadgets in axios merge functions"
}

GHSA-89FP-F5MX-748X

Vulnerability from github – Published: 2025-02-06 06:31 – Updated: 2025-02-06 23:40
VLAI
Summary
vxe-table prototype pollution
Details

A prototype pollution in the lib.install function of vxe-table v4.8.10 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "vxe-table"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "4.8.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-57080"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-02-06T23:40:49Z",
    "nvd_published_at": "2025-02-05T22:15:32Z",
    "severity": "HIGH"
  },
  "details": "A prototype pollution in the lib.install function of vxe-table v4.8.10 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.",
  "id": "GHSA-89fp-f5mx-748x",
  "modified": "2025-02-06T23:40:49Z",
  "published": "2025-02-06T06:31:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57080"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/tariqhawis/c0b5fa2d7e4edd3f000e73fb7a10ccbc"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/x-extends/vxe-table"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "vxe-table prototype pollution"
}

GHSA-89MQ-4X47-5V83

Vulnerability from github – Published: 2019-11-20 15:29 – Updated: 2025-11-20 19:29
VLAI
Summary
angular Prototype Pollution vulnerability
Details

Versions of angular prior to 1.7.9 are vulnerable to prototype pollution. The deprecated API function merge() does not restrict the modification of an Object's prototype in the , which may allow an attacker to add or modify an existing property that will exist on all objects.

Recommendation

Upgrade to version 1.7.9 or later. The function was already deprecated and upgrades are not expected to break functionality.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "angular"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.7.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2019-10768"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321",
      "CWE-20",
      "CWE-915"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2019-11-20T00:51:05Z",
    "nvd_published_at": "2019-11-19T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "Versions of `angular ` prior to 1.7.9 are vulnerable to prototype pollution. The deprecated API function `merge()` does not restrict the modification of an Object\u0027s prototype in the , which may allow an attacker to add or modify an existing property that will exist on all objects.\n\n## Recommendation\n\nUpgrade to version 1.7.9 or later. The function was already deprecated and upgrades are not expected to break functionality.",
  "id": "GHSA-89mq-4x47-5v83",
  "modified": "2025-11-20T19:29:58Z",
  "published": "2019-11-20T15:29:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10768"
    },
    {
      "type": "WEB",
      "url": "https://github.com/angular/angular.js/pull/16913"
    },
    {
      "type": "WEB",
      "url": "https://github.com/angular/angular.js/commit/add78e62004e80bb1e16ab2dfe224afa8e513bc3"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/angular/angular.js"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-JS-ANGULAR-534884"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "angular Prototype Pollution vulnerability"
}

GHSA-89QM-HM2X-MXM3

Vulnerability from github – Published: 2023-06-12 06:30 – Updated: 2023-10-09 20:17
VLAI
Summary
progressbar.js vulnerable to Prototype Pollution
Details

All versions of the package progressbar.js prior to 1.1.1 are vulnerable to Prototype Pollution via the function extend() in the file utils.js.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "progressbar.js"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.1.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-26133"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-06-12T18:53:32Z",
    "nvd_published_at": "2023-06-12T05:15:09Z",
    "severity": "HIGH"
  },
  "details": "All versions of the package progressbar.js prior to 1.1.1 are vulnerable to Prototype Pollution via the function extend() in the file utils.js.\n\n",
  "id": "GHSA-89qm-hm2x-mxm3",
  "modified": "2023-10-09T20:17:11Z",
  "published": "2023-06-12T06:30:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26133"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kimmobrunfeldt/progressbar.js/commit/97fe68ef4beccfe84b7cba08ea1fc695e38cc04b"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/kimmobrunfeldt/progressbar.js"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kimmobrunfeldt/progressbar.js/blob/74536b9eeeaaf51144706d918ed5a0a679631d96/src/utils.js#L18"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kimmobrunfeldt/progressbar.js/blob/74536b9eeeaaf51144706d918ed5a0a679631d96/src/utils.js#L20"
    },
    {
      "type": "WEB",
      "url": "https://security.snyk.io/vuln/SNYK-JS-PROGRESSBARJS-3184152"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "progressbar.js vulnerable to Prototype Pollution"
}

GHSA-8F8G-9J73-7P82

Vulnerability from github – Published: 2022-09-16 00:00 – Updated: 2022-09-21 21:07
VLAI
Summary
steal vulnerable to Prototype Pollution via optionName variable
Details

Prototype pollution vulnerability in stealjs steal 2.2.4 via the optionName variable in main.js.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "steal"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "2.3.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-37264"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-09-21T21:07:43Z",
    "nvd_published_at": "2022-09-15T16:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Prototype pollution vulnerability in stealjs steal 2.2.4 via the optionName variable in main.js.",
  "id": "GHSA-8f8g-9j73-7p82",
  "modified": "2022-09-21T21:07:43Z",
  "published": "2022-09-16T00:00:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37264"
    },
    {
      "type": "WEB",
      "url": "https://github.com/stealjs/steal/issues/1533"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/stealjs/steal"
    },
    {
      "type": "WEB",
      "url": "https://github.com/stealjs/steal/blob/c9dd1eb19ed3f97aeb93cf9dcea5d68ad5d0ced9/main.js#L2194"
    },
    {
      "type": "WEB",
      "url": "https://github.com/stealjs/steal/blob/c9dd1eb19ed3f97aeb93cf9dcea5d68ad5d0ced9/main.js#L647"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "steal vulnerable to Prototype Pollution via optionName variable"
}

GHSA-8G4M-CJM2-96WQ

Vulnerability from github – Published: 2022-03-18 00:01 – Updated: 2022-03-25 16:47
VLAI
Summary
Sandbox escape in notevil and argencoders-notevil
Details

This affects all versions of package notevil; all versions of package argencoders-notevil. It is vulnerable to Sandbox Escape leading to Prototype pollution. The package fails to restrict access to the main context, allowing an attacker to add or modify an object's prototype. Note: This vulnerability derives from an incomplete fix in SNYK-JS-NOTEVIL-608878. This package has been deprecated.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "notevil"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "1.3.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "argencoders-notevil"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "2.5.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-23771"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-03-18T23:07:57Z",
    "nvd_published_at": "2022-03-17T12:15:00Z",
    "severity": "MODERATE"
  },
  "details": "This affects all versions of package notevil; all versions of package argencoders-notevil. It is vulnerable to Sandbox Escape leading to Prototype pollution. The package fails to restrict access to the main context, allowing an attacker to add or modify an object\u0027s prototype. **Note:** This vulnerability derives from an incomplete fix in [SNYK-JS-NOTEVIL-608878](https://security.snyk.io/vuln/SNYK-JS-NOTEVIL-608878). This package has been deprecated.",
  "id": "GHSA-8g4m-cjm2-96wq",
  "modified": "2022-03-25T16:47:42Z",
  "published": "2022-03-18T00:01:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23771"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/mmckegg/notevil"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-JS-ARGENCODERSNOTEVIL-2388587"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-JS-NOTEVIL-2385946"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Sandbox escape in notevil and argencoders-notevil"
}

Mitigation
Implementation

By freezing the object prototype first (for example, Object.freeze(Object.prototype)), modification of the prototype becomes impossible.

Mitigation
Architecture and Design

By blocking modifications of attributes that resolve to object prototype, such as proto or prototype, this weakness can be mitigated.

Mitigation
Implementation

Strategy: Input Validation

When handling untrusted objects, validating using a schema can be used.

Mitigation
Implementation

By using an object without prototypes (via Object.create(null) ), adding object prototype attributes by accessing the prototype via the special attributes becomes impossible, mitigating this weakness.

Mitigation
Implementation

Map can be used instead of objects in most cases. If Map methods are used instead of object attributes, it is not possible to access the object prototype or modify it.

CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs

In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application's functionality; particularly URL's for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to.

CAPEC-180: Exploiting Incorrectly Configured Access Control Security Levels

An attacker exploits a weakness in the configuration of access controls and is able to bypass the intended protection that these measures guard against and thereby obtain unauthorized access to the system or network. Sensitive functionality should always be protected with access controls. However configuring all but the most trivial access control systems can be very complicated and there are many opportunities for mistakes. If an attacker can learn of incorrectly configured access security settings, they may be able to exploit this in an attack.

CAPEC-77: Manipulating User-Controlled Variables

This attack targets user controlled variables (DEBUG=1, PHP Globals, and So Forth). An adversary can override variables leveraging user-supplied, untrusted query variables directly used on the application server without any data sanitization. In extreme cases, the adversary can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.