Common Weakness Enumeration

CWE-1321

Allowed

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Abstraction: Variant · Status: Incomplete

The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.

779 vulnerabilities reference this CWE, most recent first.

CVE-2025-5150 (GCVE-0-2025-5150)

Vulnerability from cvelistv5 – Published: 2025-05-25 15:00 – Updated: 2025-05-28 17:38
VLAI
Title
docarray Web API torch_dataset.py __getitem__ prototype pollution
Summary
A vulnerability was found in docarray up to 0.40.1. It has been rated as critical. Affected by this issue is the function __getitem__ of the file /docarray/data/torch_dataset.py of the component Web API. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
  • CWE-94 - Code Injection
Assigner
References
URL Tags
https://vuldb.com/?id.310238 vdb-entrytechnical-description
https://vuldb.com/?ctiid.310238 signaturepermissions-required
https://vuldb.com/?submit.574696 third-party-advisory
https://gist.github.com/superboy-zjc/56502343bcb1… exploit
Impacted products
Vendor Product Version
n/a docarray Affected: 0.40.0
Affected: 0.40.1
Credits
Gavin Zhong (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-5150",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-27T14:21:27.308517Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-28T17:38:30.293Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://gist.github.com/superboy-zjc/56502343bcb12eb653081b426debf2c8"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "Web API"
          ],
          "product": "docarray",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "0.40.0"
            },
            {
              "status": "affected",
              "version": "0.40.1"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Gavin Zhong (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in docarray up to 0.40.1. It has been rated as critical. Affected by this issue is the function __getitem__ of the file /docarray/data/torch_dataset.py of the component Web API. The manipulation leads to improperly controlled modification of object prototype attributes (\u0027prototype pollution\u0027). The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Eine kritische Schwachstelle wurde in docarray bis 0.40.1 ausgemacht. Betroffen davon ist die Funktion __getitem__ der Datei /docarray/data/torch_dataset.py der Komponente Web API. Mittels dem Manipulieren mit unbekannten Daten kann eine improperly controlled modification of object prototype attributes (\u0027prototype pollution\u0027)-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.5,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1321",
              "description": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "Code Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-25T15:00:07.698Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-310238 | docarray Web API torch_dataset.py __getitem__ prototype pollution",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.310238"
        },
        {
          "name": "VDB-310238 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.310238"
        },
        {
          "name": "Submit #574696 | docarray 0.40.1 Improperly Controlled Modification of Object Prototype Attribute",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.574696"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://gist.github.com/superboy-zjc/56502343bcb12eb653081b426debf2c8"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-05-24T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-05-24T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-05-24T19:41:02.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "docarray Web API torch_dataset.py __getitem__ prototype pollution"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-5150",
    "datePublished": "2025-05-25T15:00:07.698Z",
    "dateReserved": "2025-05-24T17:35:59.271Z",
    "dateUpdated": "2025-05-28T17:38:30.293Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-3982 (GCVE-0-2025-3982)

Vulnerability from cvelistv5 – Published: 2025-04-27 19:00 – Updated: 2025-04-28 18:09
VLAI
Title
nortikin Sverchok Set Property Mk2 Node getsetprop_mk2.py SvSetPropNodeMK2 prototype pollution
Summary
A vulnerability, which was classified as problematic, was found in nortikin Sverchok 1.3.0. Affected is the function SvSetPropNodeMK2 of the file sverchok/nodes/object_nodes/getsetprop_mk2.py of the component Set Property Mk2 Node. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
  • CWE-94 - Code Injection
Assigner
References
URL Tags
https://vuldb.com/?id.306318 vdb-entrytechnical-description
https://vuldb.com/?ctiid.306318 signaturepermissions-required
https://vuldb.com/?submit.557411 third-party-advisory
https://gist.github.com/superboy-zjc/a31b8ea7466f… exploit
Impacted products
Vendor Product Version
nortikin Sverchok Affected: 1.3.0
Create a notification for this product.
Credits
Jiacheng Gavin Zhong Zhengyu Liu Gavin Zhong (VulDB User) Gavin Zhong (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-3982",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-28T18:04:13.651187Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-28T18:09:29.666Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://gist.github.com/superboy-zjc/a31b8ea7466f91b437598297bf5cbce8"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "Set Property Mk2 Node"
          ],
          "product": "Sverchok",
          "vendor": "nortikin",
          "versions": [
            {
              "status": "affected",
              "version": "1.3.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Jiacheng Gavin Zhong"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Zhengyu Liu"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "Gavin Zhong (VulDB User)"
        },
        {
          "lang": "en",
          "type": "analyst",
          "value": "Gavin Zhong (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability, which was classified as problematic, was found in nortikin Sverchok 1.3.0. Affected is the function SvSetPropNodeMK2 of the file sverchok/nodes/object_nodes/getsetprop_mk2.py of the component Set Property Mk2 Node. The manipulation leads to improperly controlled modification of object prototype attributes (\u0027prototype pollution\u0027). It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Es wurde eine Schwachstelle in nortikin Sverchok 1.3.0 gefunden. Sie wurde als problematisch eingestuft. Dabei betrifft es die Funktion SvSetPropNodeMK2 der Datei sverchok/nodes/object_nodes/getsetprop_mk2.py der Komponente Set Property Mk2 Node. Dank Manipulation mit unbekannten Daten kann eine improperly controlled modification of object prototype attributes (\u0027prototype pollution\u0027)-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 4,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1321",
              "description": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "Code Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-27T19:00:05.577Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-306318 | nortikin Sverchok Set Property Mk2 Node getsetprop_mk2.py SvSetPropNodeMK2 prototype pollution",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.306318"
        },
        {
          "name": "VDB-306318 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.306318"
        },
        {
          "name": "Submit #557411 | Sverchok Sverchok blender plugin 1.3.0 Improperly Controlled Modification of Object Prototype Attribute",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.557411"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://gist.github.com/superboy-zjc/a31b8ea7466f91b437598297bf5cbce8"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-04-26T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-04-26T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-04-26T16:04:36.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "nortikin Sverchok Set Property Mk2 Node getsetprop_mk2.py SvSetPropNodeMK2 prototype pollution"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-3982",
    "datePublished": "2025-04-27T19:00:05.577Z",
    "dateReserved": "2025-04-26T07:56:21.858Z",
    "dateUpdated": "2025-04-28T18:09:29.666Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-56059 (GCVE-0-2024-56059)

Vulnerability from cvelistv5 – Published: 2024-12-18 11:38 – Updated: 2026-04-28 16:10
VLAI
Title
WordPress Partners plugin <= 0.2.0 - PHP Object Injection vulnerability
Summary
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability in farinspace Partners partners allows Object Injection.This issue affects Partners: from n/a through <= 0.2.0.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Assigner
References
Impacted products
Vendor Product Version
farinspace Partners Affected: 0 , ≤ 0.2.0 (custom)
Create a notification for this product.
Date Public
2026-04-01 16:31
Credits
Le Ngoc Anh | Patchstack Bug Bounty Program
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-56059",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-18T16:27:15.664810Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-18T16:29:32.752Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "partners",
          "product": "Partners",
          "vendor": "farinspace",
          "versions": [
            {
              "lessThanOrEqual": "0.2.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Le Ngoc Anh | Patchstack Bug Bounty Program"
        }
      ],
      "datePublic": "2026-04-01T16:31:00.025Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027) vulnerability in farinspace Partners partners allows Object Injection.\u003cp\u003eThis issue affects Partners: from n/a through \u003c= 0.2.0.\u003c/p\u003e"
            }
          ],
          "value": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027) vulnerability in farinspace Partners partners allows Object Injection.This issue affects Partners: from n/a through \u003c= 0.2.0."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-586",
          "descriptions": [
            {
              "lang": "en",
              "value": "Object Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1321",
              "description": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-28T16:10:54.769Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/Wordpress/Plugin/partners/vulnerability/wordpress-partners-plugin-0-2-0-php-object-injection-vulnerability?_s_id=cve"
        }
      ],
      "title": "WordPress Partners plugin \u003c= 0.2.0 - PHP Object Injection vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2024-56059",
    "datePublished": "2024-12-18T11:38:20.358Z",
    "dateReserved": "2024-12-14T19:43:05.902Z",
    "dateUpdated": "2026-04-28T16:10:54.769Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-52810 (GCVE-0-2024-52810)

Vulnerability from cvelistv5 – Published: 2024-11-29 18:36 – Updated: 2024-12-03 14:06
VLAI
Title
Prototype Pollution in @intlify/shared >=9.7.0 <= 10.0.4
Summary
@intlify/shared is a shared library for the intlify project. The latest version of @intlify/shared (10.0.4) is vulnerable to Prototype Pollution through the entry function(s) lib.deepCopy. An attacker can supply a payload with Object.prototype setter to introduce or modify properties within the global prototype chain, causing denial of service (DoS) as the minimum consequence. Moreover, the consequences of this vulnerability can escalate to other injection-based attacks, depending on how the library integrates within the application. For instance, if the polluted property propagates to sensitive Node.js APIs (e.g., exec, eval), it could enable an attacker to execute arbitrary commands within the application's context. This issue has been addressed in versions 9.14.2, and 10.0.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Assigner
References
Impacted products
Vendor Product Version
intlify vue-i18n Affected: >= 9.7.0, < 9.14.2
Affected: >= 10.0.0, < 10.0.5
Create a notification for this product.
intlify vue-i18n Affected: 0 , ≤ 9.7.0 (custom)
Affected: 0 , < 9.14.2 (custom)
Affected: 0 , ≤ 10.0.0 (custom)
Affected: 0 , < 10.0.5 (custom)
    cpe:2.3:a:intlify:vue-i18n:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:intlify:vue-i18n:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "vue-i18n",
            "vendor": "intlify",
            "versions": [
              {
                "lessThanOrEqual": "9.7.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "9.14.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "10.0.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "10.0.5",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-52810",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-03T14:04:45.075483Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-03T14:06:41.359Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "vue-i18n",
          "vendor": "intlify",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 9.7.0,  \u003c 9.14.2"
            },
            {
              "status": "affected",
              "version": "\u003e= 10.0.0, \u003c 10.0.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "@intlify/shared is a shared library for the intlify project. The latest version of @intlify/shared (10.0.4) is vulnerable to Prototype Pollution through the entry function(s) lib.deepCopy. An attacker can supply a payload with Object.prototype setter to introduce or modify properties within the global prototype chain, causing denial of service (DoS) as the minimum consequence. Moreover, the consequences of this vulnerability can escalate to other injection-based attacks, depending on how the library integrates within the application. For instance, if the polluted property propagates to sensitive Node.js APIs (e.g., exec, eval), it could enable an attacker to execute arbitrary commands within the application\u0027s context. This issue has been addressed in versions 9.14.2, and 10.0.5. Users are advised to upgrade. There are no known workarounds for this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1321",
              "description": "CWE-1321: Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-29T18:36:08.638Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/intlify/vue-i18n/security/advisories/GHSA-hjwq-mjwj-4x6c",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/intlify/vue-i18n/security/advisories/GHSA-hjwq-mjwj-4x6c"
        },
        {
          "name": "https://github.com/intlify/vue-i18n/commit/9f20909ef8c9232a1072d7818e12ed6d6451024d",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/intlify/vue-i18n/commit/9f20909ef8c9232a1072d7818e12ed6d6451024d"
        }
      ],
      "source": {
        "advisory": "GHSA-hjwq-mjwj-4x6c",
        "discovery": "UNKNOWN"
      },
      "title": "Prototype Pollution in @intlify/shared \u003e=9.7.0 \u003c= 10.0.4"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-52810",
    "datePublished": "2024-11-29T18:36:08.638Z",
    "dateReserved": "2024-11-15T17:11:13.443Z",
    "dateUpdated": "2024-12-03T14:06:41.359Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-52441 (GCVE-0-2024-52441)

Vulnerability from cvelistv5 – Published: 2024-11-20 11:14 – Updated: 2026-04-28 16:10
VLAI
Title
WordPress Quick Learn plugin <= 1.0.1 - PHP Object Injection vulnerability
Summary
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability in Rajesh Thanoch Quick Learn quick-learn allows Object Injection.This issue affects Quick Learn: from n/a through <= 1.0.1.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Assigner
References
Impacted products
Vendor Product Version
Rajesh Thanoch Quick Learn Affected: 0 , ≤ 1.0.1 (custom)
Create a notification for this product.
rajesh_thanoch quick_learn Affected: 0 , ≤ 1.0.1 (custom)
    cpe:2.3:a:rajesh_thanoch:quick_learn:*:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2026-04-01 16:29
Credits
LVT-tholv2k | Patchstack Bug Bounty Program
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:rajesh_thanoch:quick_learn:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "quick_learn",
            "vendor": "rajesh_thanoch",
            "versions": [
              {
                "lessThanOrEqual": "1.0.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-52441",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-20T16:08:07.913118Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-20T16:09:35.256Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "quick-learn",
          "product": "Quick Learn",
          "vendor": "Rajesh Thanoch",
          "versions": [
            {
              "lessThanOrEqual": "1.0.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "LVT-tholv2k | Patchstack Bug Bounty Program"
        }
      ],
      "datePublic": "2026-04-01T16:29:54.074Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027) vulnerability in Rajesh Thanoch Quick Learn quick-learn allows Object Injection.\u003cp\u003eThis issue affects Quick Learn: from n/a through \u003c= 1.0.1.\u003c/p\u003e"
            }
          ],
          "value": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027) vulnerability in Rajesh Thanoch Quick Learn quick-learn allows Object Injection.This issue affects Quick Learn: from n/a through \u003c= 1.0.1."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-586",
          "descriptions": [
            {
              "lang": "en",
              "value": "Object Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1321",
              "description": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-28T16:10:42.139Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/Wordpress/Plugin/quick-learn/vulnerability/wordpress-quick-learn-plugin-1-0-1-php-object-injection-vulnerability?_s_id=cve"
        }
      ],
      "title": "WordPress Quick Learn plugin \u003c= 1.0.1 - PHP Object Injection vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2024-52441",
    "datePublished": "2024-11-20T11:14:36.279Z",
    "dateReserved": "2024-11-11T06:39:48.584Z",
    "dateUpdated": "2026-04-28T16:10:42.139Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-48910 (GCVE-0-2024-48910)

Vulnerability from cvelistv5 – Published: 2024-10-31 14:22 – Updated: 2025-11-03 20:41
VLAI
Title
DOMPurify vulnerable to tampering by prototype polution
Summary
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to prototype pollution. This vulnerability is fixed in 2.4.2.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Assigner
Impacted products
Vendor Product Version
cure53 DOMPurify Affected: < 2.4.2
Create a notification for this product.
cure53 dompurify Affected: 0 , < 2.4.2 (custom)
    cpe:2.3:a:cure53:dompurify:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:cure53:dompurify:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "dompurify",
            "vendor": "cure53",
            "versions": [
              {
                "lessThan": "2.4.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-48910",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-31T15:52:58.729943Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-31T15:55:39.716Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:41:01.064Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00010.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "DOMPurify",
          "vendor": "cure53",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.4.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to prototype pollution. This vulnerability is fixed in 2.4.2."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1321",
              "description": "CWE-1321: Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-31T14:22:52.867Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-p3vf-v8qc-cwcr",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-p3vf-v8qc-cwcr"
        },
        {
          "name": "https://github.com/cure53/DOMPurify/commit/d1dd0374caef2b4c56c3bd09fe1988c3479166dc",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/cure53/DOMPurify/commit/d1dd0374caef2b4c56c3bd09fe1988c3479166dc"
        }
      ],
      "source": {
        "advisory": "GHSA-p3vf-v8qc-cwcr",
        "discovery": "UNKNOWN"
      },
      "title": "DOMPurify vulnerable to tampering by prototype polution"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-48910",
    "datePublished": "2024-10-31T14:22:52.867Z",
    "dateReserved": "2024-10-09T22:06:46.171Z",
    "dateUpdated": "2025-11-03T20:41:01.064Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-45815 (GCVE-0-2024-45815)

Vulnerability from cvelistv5 – Published: 2024-09-17 20:14 – Updated: 2024-09-18 14:49
VLAI
Title
Prototype pollution in @backstage/plugin-catalog-backend
Summary
Backstage is an open framework for building developer portals. A malicious actor with authenticated access to a Backstage instance with the catalog backend plugin installed is able to interrupt the service using a specially crafted query to the catalog API. This has been fixed in the `1.26.0` release of the `@backstage/plugin-catalog-backend`. All users are advised to upgrade. There are no known workarounds for this vulnerability.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Assigner
References
Impacted products
Vendor Product Version
backstage backstage Affected: < 1.26.0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45815",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-18T14:49:00.159321Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-18T14:49:10.507Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "backstage",
          "vendor": "backstage",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.26.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Backstage is an open framework for building developer portals. A malicious actor with authenticated access to a Backstage instance with the catalog backend plugin installed is able to interrupt the service using a specially crafted query to the catalog API. This has been fixed in the `1.26.0` release of the `@backstage/plugin-catalog-backend`. All users are advised to upgrade. There are no known workarounds for this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1321",
              "description": "CWE-1321: Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-17T20:14:31.104Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/backstage/backstage/security/advisories/GHSA-3x3f-jcp3-g22j",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/backstage/backstage/security/advisories/GHSA-3x3f-jcp3-g22j"
        }
      ],
      "source": {
        "advisory": "GHSA-3x3f-jcp3-g22j",
        "discovery": "UNKNOWN"
      },
      "title": "Prototype pollution in @backstage/plugin-catalog-backend"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-45815",
    "datePublished": "2024-09-17T20:14:31.104Z",
    "dateReserved": "2024-09-09T14:23:07.506Z",
    "dateUpdated": "2024-09-18T14:49:10.507Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-45277 (GCVE-0-2024-45277)

Vulnerability from cvelistv5 – Published: 2024-10-08 03:21 – Updated: 2024-10-08 14:01
VLAI
Title
Prototype Pollution vulnerability in SAP HANA Client
Summary
The SAP HANA Node.js client package versions from 2.0.0 before 2.21.31 is impacted by Prototype Pollution vulnerability allowing an attacker to add arbitrary properties to global object prototypes. This is due to improper user input sanitation when using the nestTables feature causing low impact on the availability of the application. This has no impact on Confidentiality and Integrity.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes
Assigner
sap
Impacted products
Vendor Product Version
SAP_SE SAP HANA Client Affected: HDB_CLIENT 2.0
Create a notification for this product.
sap_se sap_hana_client Affected: HDB_CLIENT 2.0
    cpe:2.3:a:sap_se:sap_hana_client:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:sap_se:sap_hana_client:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sap_hana_client",
            "vendor": "sap_se",
            "versions": [
              {
                "status": "affected",
                "version": "HDB_CLIENT 2.0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45277",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-08T13:59:56.396341Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-08T14:01:44.271Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "SAP HANA Client",
          "vendor": "SAP_SE",
          "versions": [
            {
              "status": "affected",
              "version": "HDB_CLIENT 2.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe SAP HANA Node.js client package versions from 2.0.0 before 2.21.31 is impacted by Prototype Pollution vulnerability allowing an attacker to add arbitrary properties to global object prototypes. This is due to improper user input sanitation when using the nestTables feature causing low impact on the availability of the application. This has no impact on Confidentiality and Integrity.\u003c/p\u003e"
            }
          ],
          "value": "The SAP HANA Node.js client package versions from 2.0.0 before 2.21.31 is impacted by Prototype Pollution vulnerability allowing an attacker to add arbitrary properties to global object prototypes. This is due to improper user input sanitation when using the nestTables feature causing low impact on the availability of the application. This has no impact on Confidentiality and Integrity."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1321",
              "description": "CWE-1321: Improperly Controlled Modification of Object Prototype Attributes",
              "lang": "eng",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-08T09:52:33.850Z",
        "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "shortName": "sap"
      },
      "references": [
        {
          "url": "https://me.sap.com/notes/3520100"
        },
        {
          "url": "https://url.sap/sapsecuritypatchday"
        },
        {
          "url": "https://www.npmjs.com/package/@sap/hana-client?activeTab=code"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Prototype Pollution vulnerability in SAP HANA Client",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
    "assignerShortName": "sap",
    "cveId": "CVE-2024-45277",
    "datePublished": "2024-10-08T03:21:16.236Z",
    "dateReserved": "2024-08-26T10:39:20.931Z",
    "dateUpdated": "2024-10-08T14:01:44.271Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-34698 (GCVE-0-2024-34698)

Vulnerability from cvelistv5 – Published: 2024-05-13 15:50 – Updated: 2024-08-02 02:59
VLAI
Title
Prototype Pollution in getQueryParam Function (URL Query Parser)
Summary
FreeScout is a free, self-hosted help desk and shared mailbox. Versions of FreeScout prior to 1.8.139 contain a Prototype Pollution vulnerability in the `/public/js/main.js` source file. The Prototype Pollution arises because the `getQueryParam` Function recursively merges an object containing user-controllable properties into an existing object (For URL Query Parameters Parsing), without first sanitizing the keys. This can allow an attacker to inject a property with a key `__proto__`, along with arbitrarily nested properties. The merge operation assigns the nested properties to the `params` object's prototype instead of the target object itself. As a result, the attacker can pollute the prototype with properties containing harmful values, which are then inherited by user-defined objects and subsequently used by the application dangerously. The vulnerability lets an attacker control properties of objects that would otherwise be inaccessible. If the application subsequently handles an attacker-controlled property in an unsafe way, this can potentially be chained with other vulnerabilities like DOM-based XSS, Open Redirection, Cookie Manipulation, Link Manipulation, HTML Injection, etc. Version 1.8.139 contains a patch for the issue.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Assigner
References
Impacted products
Vendor Product Version
freescout-helpdesk freescout Affected: < 1.8.139
Create a notification for this product.
freescout_helpdesk freescout Affected: 0 , < 1.8.139 (custom)
    cpe:2.3:a:freescout_helpdesk:freescout:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:freescout_helpdesk:freescout:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "freescout",
            "vendor": "freescout_helpdesk",
            "versions": [
              {
                "lessThan": "1.8.139",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-34698",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-21T18:35:12.548255Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:42:25.344Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T02:59:21.707Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/freescout-helpdesk/freescout/security/advisories/GHSA-rx6j-4c33-9h3r",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/freescout-helpdesk/freescout/security/advisories/GHSA-rx6j-4c33-9h3r"
          },
          {
            "name": "https://github.com/freescout-helpdesk/freescout/commit/2614514bc6d6c4ad563202a1c9cae5a97b195cc5",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/freescout-helpdesk/freescout/commit/2614514bc6d6c4ad563202a1c9cae5a97b195cc5"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "freescout",
          "vendor": "freescout-helpdesk",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.8.139"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FreeScout is a free, self-hosted help desk and shared mailbox. Versions of FreeScout prior to 1.8.139 contain a Prototype Pollution vulnerability in the `/public/js/main.js` source file. The Prototype Pollution arises because the `getQueryParam` Function recursively merges an object containing user-controllable properties into an existing object (For URL Query Parameters Parsing), without first sanitizing the keys. This can allow an attacker to inject a property with a key `__proto__`, along with arbitrarily nested properties. The merge operation assigns the nested properties to the `params` object\u0027s prototype instead of the target object itself. As a result, the attacker can pollute the prototype with properties containing harmful values, which are then inherited by user-defined objects and subsequently used by the application dangerously. The vulnerability lets an attacker control properties of objects that would otherwise be inaccessible. If the application subsequently handles an attacker-controlled property in an unsafe way, this can potentially be chained with other vulnerabilities like DOM-based XSS, Open Redirection, Cookie Manipulation, Link Manipulation, HTML Injection, etc. Version 1.8.139 contains a patch for the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1321",
              "description": "CWE-1321: Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-13T15:50:34.498Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/freescout-helpdesk/freescout/security/advisories/GHSA-rx6j-4c33-9h3r",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/freescout-helpdesk/freescout/security/advisories/GHSA-rx6j-4c33-9h3r"
        },
        {
          "name": "https://github.com/freescout-helpdesk/freescout/commit/2614514bc6d6c4ad563202a1c9cae5a97b195cc5",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/freescout-helpdesk/freescout/commit/2614514bc6d6c4ad563202a1c9cae5a97b195cc5"
        }
      ],
      "source": {
        "advisory": "GHSA-rx6j-4c33-9h3r",
        "discovery": "UNKNOWN"
      },
      "title": "Prototype Pollution in getQueryParam Function (URL Query Parser)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-34698",
    "datePublished": "2024-05-13T15:50:34.498Z",
    "dateReserved": "2024-05-07T13:53:00.131Z",
    "dateUpdated": "2024-08-02T02:59:21.707Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-32866 (GCVE-0-2024-32866)

Vulnerability from cvelistv5 – Published: 2024-04-23 21:07 – Updated: 2024-08-02 02:20
VLAI
Title
Conform contains Prototype Pollution Vulnerability in `parseWith...` function
Summary
Conform, a type-safe form validation library, allows the parsing of nested objects in the form of `object.property`. Due to an improper implementation of this feature in versions prior to 1.1.1, an attacker can exploit the feature to trigger prototype pollution by passing a crafted input to `parseWith...` functions. Applications that use conform for server-side validation of form data or URL parameters are affected by this vulnerability. Version 1.1.1 contains a patch for the issue.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Assigner
Impacted products
Vendor Product Version
edmundhung conform Affected: < 1.1.1
Create a notification for this product.
edmundhung conform Affected: *
    cpe:2.3:a:edmundhung:conform:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:edmundhung:conform:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "conform",
            "vendor": "edmundhung",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-32866",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-29T12:18:26.633617Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:50:16.913Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T02:20:35.639Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/edmundhung/conform/security/advisories/GHSA-624g-8qjg-8qxf",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/edmundhung/conform/security/advisories/GHSA-624g-8qjg-8qxf"
          },
          {
            "name": "https://github.com/edmundhung/conform/commit/4819d51b5a53fd5486fc85c17cdc148eb160e3de",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/edmundhung/conform/commit/4819d51b5a53fd5486fc85c17cdc148eb160e3de"
          },
          {
            "name": "https://github.com/edmundhung/conform/blob/59156d7115a7207fa3b6f8a70a4342a9b24c2501/packages/conform-dom/formdata.ts#L117",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/edmundhung/conform/blob/59156d7115a7207fa3b6f8a70a4342a9b24c2501/packages/conform-dom/formdata.ts#L117"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "conform",
          "vendor": "edmundhung",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.1.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Conform, a type-safe form validation library, allows the parsing of nested objects in the form of `object.property`. Due to an improper implementation of this feature in versions prior to 1.1.1, an attacker can exploit the feature to trigger prototype pollution by passing a crafted input to `parseWith...` functions. Applications that use conform for server-side validation of form data or URL parameters are affected by this vulnerability. Version 1.1.1 contains a patch for the issue.\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1321",
              "description": "CWE-1321: Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-23T21:07:06.216Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/edmundhung/conform/security/advisories/GHSA-624g-8qjg-8qxf",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/edmundhung/conform/security/advisories/GHSA-624g-8qjg-8qxf"
        },
        {
          "name": "https://github.com/edmundhung/conform/commit/4819d51b5a53fd5486fc85c17cdc148eb160e3de",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/edmundhung/conform/commit/4819d51b5a53fd5486fc85c17cdc148eb160e3de"
        },
        {
          "name": "https://github.com/edmundhung/conform/blob/59156d7115a7207fa3b6f8a70a4342a9b24c2501/packages/conform-dom/formdata.ts#L117",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/edmundhung/conform/blob/59156d7115a7207fa3b6f8a70a4342a9b24c2501/packages/conform-dom/formdata.ts#L117"
        }
      ],
      "source": {
        "advisory": "GHSA-624g-8qjg-8qxf",
        "discovery": "UNKNOWN"
      },
      "title": "Conform contains Prototype Pollution Vulnerability in `parseWith...` function"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-32866",
    "datePublished": "2024-04-23T21:07:06.216Z",
    "dateReserved": "2024-04-19T14:07:11.228Z",
    "dateUpdated": "2024-08-02T02:20:35.639Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation
Implementation

By freezing the object prototype first (for example, Object.freeze(Object.prototype)), modification of the prototype becomes impossible.

Mitigation
Architecture and Design

By blocking modifications of attributes that resolve to object prototype, such as proto or prototype, this weakness can be mitigated.

Mitigation
Implementation

Strategy: Input Validation

When handling untrusted objects, validating using a schema can be used.

Mitigation
Implementation

By using an object without prototypes (via Object.create(null) ), adding object prototype attributes by accessing the prototype via the special attributes becomes impossible, mitigating this weakness.

Mitigation
Implementation

Map can be used instead of objects in most cases. If Map methods are used instead of object attributes, it is not possible to access the object prototype or modify it.

CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs

In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application's functionality; particularly URL's for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to.

CAPEC-180: Exploiting Incorrectly Configured Access Control Security Levels

An attacker exploits a weakness in the configuration of access controls and is able to bypass the intended protection that these measures guard against and thereby obtain unauthorized access to the system or network. Sensitive functionality should always be protected with access controls. However configuring all but the most trivial access control systems can be very complicated and there are many opportunities for mistakes. If an attacker can learn of incorrectly configured access security settings, they may be able to exploit this in an attack.

CAPEC-77: Manipulating User-Controlled Variables

This attack targets user controlled variables (DEBUG=1, PHP Globals, and So Forth). An adversary can override variables leveraging user-supplied, untrusted query variables directly used on the application server without any data sanitization. In extreme cases, the adversary can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.