CWE-1321
AllowedImproperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Abstraction: Variant · Status: Incomplete
The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.
779 vulnerabilities reference this CWE, most recent first.
GHSA-28MC-G557-92M7
Vulnerability from github – Published: 2024-07-30 21:31 – Updated: 2024-08-06 23:14Prototype Pollution in 75lb deep-merge 1.1.1 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) and cause other impacts via merge methods of lodash to merge objects.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.1.1"
},
"package": {
"ecosystem": "npm",
"name": "@75lb/deep-merge"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.1.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-38986"
],
"database_specific": {
"cwe_ids": [
"CWE-1321"
],
"github_reviewed": true,
"github_reviewed_at": "2024-07-31T15:29:36Z",
"nvd_published_at": "2024-07-30T20:15:03Z",
"severity": "HIGH"
},
"details": "Prototype Pollution in 75lb deep-merge 1.1.1 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) and cause other impacts via merge methods of lodash to merge objects.",
"id": "GHSA-28mc-g557-92m7",
"modified": "2024-08-06T23:14:46Z",
"published": "2024-07-30T21:31:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38986"
},
{
"type": "WEB",
"url": "https://github.com/75lb/deep-merge/issues/1"
},
{
"type": "WEB",
"url": "https://github.com/75lb/deep-merge/commit/a68541fac3c2372f1ca67effad825990ad8046e1"
},
{
"type": "WEB",
"url": "https://gist.github.com/mestrtee/b20c3aee8bea16e1863933778da6e4cb"
},
{
"type": "PACKAGE",
"url": "https://github.com/75lb/deep-merge"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "@75lb/deep-merge Prototype Pollution vulnerability"
}
GHSA-28XV-PH75-77WH
Vulnerability from github – Published: 2026-07-14 19:40 – Updated: 2026-07-14 19:40Impact
The _.merge(target, source) utility exported by @feathersjs/commons recursively merges source into target by iterating Object.keys(source). When source was produced by JSON.parse and contains a __proto__ (or constructor / prototype) key, that key is returned as an own-enumerable property. The recursive merge then resolves target['__proto__'] to Object.prototype and writes the attacker-supplied properties onto it, polluting the prototype for all plain objects in the process for the lifetime of the Node process.
Scope of real-world risk is limited. No first-party Feathers package routes input — trusted or untrusted — through commons._.merge. The @feathersjs/authentication package, which does merge request-influenced data, uses lodash/merge (prototype-pollution-safe since 4.17.12), not this utility. Exploitation therefore requires a downstream plugin or application to pass JSON-parsed, attacker-controlled input directly through the exported _.merge.
Patches
Fixed in @feathersjs/commons@5.0.45. The fix skips __proto__, constructor, and prototype keys during iteration — the standard remediation used by lodash and others.
Workarounds
Avoid passing JSON-parsed untrusted input through commons._.merge. Freezing Object.prototype or validating/sanitizing keys upstream also mitigates.
Credit
Reported responsibly by Andrew Ridings (@ridingsa).
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 5.0.44"
},
"package": {
"ecosystem": "npm",
"name": "@feathersjs/commons"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.0.45"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-54335"
],
"database_specific": {
"cwe_ids": [
"CWE-1321"
],
"github_reviewed": true,
"github_reviewed_at": "2026-07-14T19:40:05Z",
"nvd_published_at": null,
"severity": "LOW"
},
"details": "### Impact\n\nThe `_.merge(target, source)` utility exported by `@feathersjs/commons` recursively merges `source` into `target` by iterating `Object.keys(source)`. When `source` was produced by `JSON.parse` and contains a `__proto__` (or `constructor` / `prototype`) key, that key is returned as an own-enumerable property. The recursive merge then resolves `target[\u0027__proto__\u0027]` to `Object.prototype` and writes the attacker-supplied properties onto it, polluting the prototype for all plain objects in the process for the lifetime of the Node process.\n\n**Scope of real-world risk is limited.** No first-party Feathers package routes input \u2014 trusted or untrusted \u2014 through `commons._.merge`. The `@feathersjs/authentication` package, which does merge request-influenced data, uses `lodash/merge` (prototype-pollution-safe since 4.17.12), not this utility. Exploitation therefore requires a downstream plugin or application to pass JSON-parsed, attacker-controlled input directly through the exported `_.merge`.\n\n### Patches\n\nFixed in `@feathersjs/commons@5.0.45`. The fix skips `__proto__`, `constructor`, and `prototype` keys during iteration \u2014 the standard remediation used by lodash and others.\n\n### Workarounds\n\nAvoid passing JSON-parsed untrusted input through `commons._.merge`. Freezing `Object.prototype` or validating/sanitizing keys upstream also mitigates.\n\n### Credit\n\nReported responsibly by Andrew Ridings (@ridingsa).",
"id": "GHSA-28xv-ph75-77wh",
"modified": "2026-07-14T19:40:05Z",
"published": "2026-07-14T19:40:05Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/feathersjs/feathers/security/advisories/GHSA-28xv-ph75-77wh"
},
{
"type": "WEB",
"url": "https://github.com/feathersjs/feathers/pull/3690"
},
{
"type": "WEB",
"url": "https://github.com/feathersjs/feathers/commit/28b3c03c63bdbff53115fdaa46c56980e7942acc"
},
{
"type": "PACKAGE",
"url": "https://github.com/feathersjs/feathers"
},
{
"type": "WEB",
"url": "https://github.com/feathersjs/feathers/releases/tag/v5.0.45"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Prototype pollution in @feathersjs/commons _.merge via JSON-parsed __proto__"
}
GHSA-2933-Q333-QG83
Vulnerability from github – Published: 2026-06-25 17:28 – Updated: 2026-06-25 17:28Impact
i18next-fs-backend ≤ 2.6.5, when used to persist missing translation keys (e.g. via i18next-http-middleware's missingKeyHandler exposed to untrusted input), is vulnerable to prototype pollution via crafted missing-key strings.
Backend.writeFile() splits each queued missing-key string on the configured keySeparator (default .) before calling the internal setPath() walker. The walker (getLastOfPath in lib/utils.js) did not guard against unsafe segments, so a key like "__proto__.polluted" was split into ["__proto__", "polluted"] and walked straight into Object.prototype, allowing an attacker to write arbitrary properties onto the global object prototype.
Depending on the host application, polluted prototype properties may cause crashes, corrupted translation behaviour, configuration poisoning, or bypasses of property-based security checks.
Affected configuration
Applications are directly affected only if all of the following hold:
i18next-fs-backend≤ 2.6.5 is configured as the backend.i18next-http-middleware'smissingKeyHandler(or another route that forwards untrusted request bodies toi18next.t(..., { ... })withsaveMissing: true) is reachable by untrusted users.- The default behaviour of splitting missing-key strings on
keySeparatoris in use (i.e.keySeparatoris notfalse).
Apps that do not expose missing-key persistence to untrusted input are not directly affected through this attack path.
Patches
Fixed in i18next-fs-backend 2.6.6. The traversal helper now refuses to descend through __proto__, constructor, or prototype segments and drops the offending write silently. Legitimate dotted keys (e.g. "header.title") are unaffected.
A matching defence-in-depth fix has been shipped in i18next-http-middleware 3.9.7 — see the companion advisory.
Workarounds
If users cannot upgrade immediately:
- Do not expose
i18next-http-middleware'smissingKeyHandlerto untrusted users (mount it behind authentication, or remove the route). - Disable missing-key persistence (
saveMissing: false, or nobackend.createimplementation) when accepting writes from untrusted input. - Set
keySeparator: falsein the i18next options to disable backend key splitting (note: this also disables nested translation keys).
Resources
- Original report by @codeswhite.
- Companion advisory in
i18next-http-middleware: GHSA-f49m-vf83-692w. - Previous
i18next-fs-backendsecurity release: GHSA-8847-338w-5hcj (path traversal vialng/ns, fixed in 2.6.4).
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "i18next-fs-backend"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.6.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-48713"
],
"database_specific": {
"cwe_ids": [
"CWE-1321"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-25T17:28:46Z",
"nvd_published_at": "2026-06-15T22:16:17Z",
"severity": "CRITICAL"
},
"details": "### Impact\n\n`i18next-fs-backend` \u2264 2.6.5, when used to persist missing translation keys (e.g. via `i18next-http-middleware`\u0027s `missingKeyHandler` exposed to untrusted input), is vulnerable to prototype pollution via crafted missing-key strings.\n\n`Backend.writeFile()` splits each queued missing-key string on the configured `keySeparator` (default `.`) before calling the internal `setPath()` walker. The walker (`getLastOfPath` in `lib/utils.js`) did not guard against unsafe segments, so a key like `\"__proto__.polluted\"` was split into `[\"__proto__\", \"polluted\"]` and walked straight into `Object.prototype`, allowing an attacker to write arbitrary properties onto the global object prototype.\n\nDepending on the host application, polluted prototype properties may cause crashes, corrupted translation behaviour, configuration poisoning, or bypasses of property-based security checks.\n\n### Affected configuration\n\nApplications are directly affected only if **all** of the following hold:\n\n- `i18next-fs-backend` \u2264 2.6.5 is configured as the backend.\n- `i18next-http-middleware`\u0027s `missingKeyHandler` (or another route that forwards untrusted request bodies to `i18next.t(..., { ... })` with `saveMissing: true`) is reachable by untrusted users.\n- The default behaviour of splitting missing-key strings on `keySeparator` is in use (i.e. `keySeparator` is not `false`).\n\nApps that do not expose missing-key persistence to untrusted input are not directly affected through this attack path.\n\n### Patches\n\nFixed in **i18next-fs-backend 2.6.6**. The traversal helper now refuses to descend through `__proto__`, `constructor`, or `prototype` segments and drops the offending write silently. Legitimate dotted keys (e.g. `\"header.title\"`) are unaffected.\n\nA matching defence-in-depth fix has been shipped in `i18next-http-middleware` **3.9.7** \u2014 see the companion advisory.\n\n### Workarounds\n\nIf users cannot upgrade immediately:\n\n- Do not expose `i18next-http-middleware`\u0027s `missingKeyHandler` to untrusted users (mount it behind authentication, or remove the route).\n- Disable missing-key persistence (`saveMissing: false`, or no `backend.create` implementation) when accepting writes from untrusted input.\n- Set `keySeparator: false` in the i18next options to disable backend key splitting (note: this also disables nested translation keys).\n\n### Resources\n\n- Original report by [@codeswhite](https://github.com/codeswhite).\n- Companion advisory in `i18next-http-middleware`: [GHSA-f49m-vf83-692w](https://github.com/i18next/i18next-http-middleware/security/advisories/GHSA-f49m-vf83-692w).\n- Previous `i18next-fs-backend` security release: GHSA-8847-338w-5hcj (path traversal via `lng`/`ns`, fixed in 2.6.4).",
"id": "GHSA-2933-q333-qg83",
"modified": "2026-06-25T17:28:46Z",
"published": "2026-06-25T17:28:46Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/i18next/i18next-fs-backend/security/advisories/GHSA-2933-q333-qg83"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48713"
},
{
"type": "WEB",
"url": "https://github.com/i18next/i18next-fs-backend/commit/3ab0448087da6935a40117f904b7457281f963f4"
},
{
"type": "PACKAGE",
"url": "https://github.com/i18next/i18next-fs-backend"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "i18next-fs-backend vulnerable to prototype pollution via crafted missing-key string"
}
GHSA-2C29-WC65-4CX9
Vulnerability from github – Published: 2022-05-24 17:26 – Updated: 2022-12-05 23:17The package linux-cmdline is a parser for Linux kernel command line arguments. Versions before 1.0.1 are vulnerable to Prototype Pollution via the constructor.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "linux-cmdline"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-7704"
],
"database_specific": {
"cwe_ids": [
"CWE-1321",
"CWE-20"
],
"github_reviewed": true,
"github_reviewed_at": "2022-12-05T23:17:26Z",
"nvd_published_at": "2020-08-17T17:15:00Z",
"severity": "CRITICAL"
},
"details": "The package linux-cmdline is a parser for Linux kernel command line arguments. Versions before 1.0.1 are vulnerable to Prototype Pollution via the constructor.",
"id": "GHSA-2c29-wc65-4cx9",
"modified": "2022-12-05T23:17:26Z",
"published": "2022-05-24T17:26:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7704"
},
{
"type": "WEB",
"url": "https://github.com/piranna/linux-cmdline/commit/53c61a88bc47eb25d71832205056beaab95cf677"
},
{
"type": "PACKAGE",
"url": "https://github.com/piranna/linux-cmdline"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/SNYK-JS-LINUXCMDLINE-598674"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "linux-cmdline is vulnerable to Prototype Pollution via the constructor"
}
GHSA-2C4M-G7RX-63Q7
Vulnerability from github – Published: 2026-02-11 15:13 – Updated: 2026-02-12 14:19Summary
A prototype pollution vulnerability exists in the the npm package set-in (>=2.0.1). Despite a previous fix that attempted to mitigate prototype pollution by checking whether user input contained a forbidden key, it is still possible to pollute Object.prototype via a crafted input using Array.prototype. This has been fixed in version 2.0.5.
Details
The vulnerability resides in line 28 of https://github.com/ahdinosaur/set-in/blob/master/index.js where includes() function is used to check whether user provided input contain forbidden strings.
PoC
Steps to reproduce
- Install latest version of set-in using npm install or cloning from git
- Run the following code snippet:
Array.prototype.includes = () => false;
const si = require('set-in');
const obj = {};
console.log({}.polluted);
si(obj, [
'constructor',
'prototype',
'polluted'
], 'yes');
console.log('{ ' + obj.polluted + ', ' + 'yes' + ' }'); // prints yes -> indicating that the patch was bypassed and prototype pollution occurred
Expected behavior
Prototype pollution should be prevented and {} should not gain new properties. This should be printed on the console:
undefined
undefined OR throw an Error
Actual behavior
Object.prototype is polluted This is printed on the console:
undefined
yes
Impact
This is a prototype pollution vulnerability, which can have severe security implications depending on how set-in is used by downstream applications. Any application that processes attacker-controlled input using this package may be affected. It could potentially lead to the following problems: 1. Authentication bypass 2. Denial of service 3. Remote code execution (if polluted property is passed to sinks like eval or child_process)
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "set-in"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.1"
},
{
"fixed": "2.0.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-26021"
],
"database_specific": {
"cwe_ids": [
"CWE-1321"
],
"github_reviewed": true,
"github_reviewed_at": "2026-02-11T15:13:28Z",
"nvd_published_at": "2026-02-11T22:15:52Z",
"severity": "CRITICAL"
},
"details": "### Summary\nA prototype pollution vulnerability exists in the the npm package set-in (\u003e=2.0.1). Despite a previous fix that attempted to mitigate prototype pollution by checking whether user input contained a forbidden key, it is still possible to pollute Object.prototype via a crafted input using Array.prototype. This has been fixed in version 2.0.5.\n\n### Details\nThe vulnerability resides in line 28 of https://github.com/ahdinosaur/set-in/blob/master/index.js where includes() function is used to check whether user provided input contain forbidden strings.\n\n### PoC\n#### Steps to reproduce\n1. Install latest version of set-in using npm install or cloning from git\n2. Run the following code snippet:\n\n```javascript\nArray.prototype.includes = () =\u003e false; \nconst si = require(\u0027set-in\u0027);\nconst obj = {};\nconsole.log({}.polluted);\nsi(obj, [\n \u0027constructor\u0027,\n \u0027prototype\u0027,\n \u0027polluted\u0027\n], \u0027yes\u0027);\nconsole.log(\u0027{ \u0027 + obj.polluted + \u0027, \u0027 + \u0027yes\u0027 + \u0027 }\u0027); // prints yes -\u003e indicating that the patch was bypassed and prototype pollution occurred\n```\n\n#### Expected behavior\nPrototype pollution should be prevented and {} should not gain new properties.\nThis should be printed on the console:\n```\nundefined\nundefined OR throw an Error\n```\n\n#### Actual behavior\nObject.prototype is polluted\nThis is printed on the console:\n```\nundefined \nyes\n```\n\n### Impact\nThis is a prototype pollution vulnerability, which can have severe security implications depending on how set-in is used by downstream applications. Any application that processes attacker-controlled input using this package may be affected.\nIt could potentially lead to the following problems:\n1. Authentication bypass\n2. Denial of service\n3. Remote code execution (if polluted property is passed to sinks like eval or child_process)",
"id": "GHSA-2c4m-g7rx-63q7",
"modified": "2026-02-12T14:19:12Z",
"published": "2026-02-11T15:13:28Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/ahdinosaur/set-in/security/advisories/GHSA-2c4m-g7rx-63q7"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26021"
},
{
"type": "WEB",
"url": "https://github.com/ahdinosaur/set-in/pull/6"
},
{
"type": "WEB",
"url": "https://github.com/ahdinosaur/set-in/commit/34842cc02de3fd65d6f8bd0b268347e7b390125b"
},
{
"type": "WEB",
"url": "https://github.com/ahdinosaur/set-in/commit/6bad255961d379e4b1f5fbc52ef9dc8420816f24"
},
{
"type": "WEB",
"url": "https://github.com/ahdinosaur/set-in/commit/b8e1dabfdbd35c8d604b6324e01d03f280256c3d"
},
{
"type": "WEB",
"url": "https://github.com/ahdinosaur/set-in/commit/d87c1a09fa2edb55cd76440a67d83d1cb828df11"
},
{
"type": "PACKAGE",
"url": "https://github.com/ahdinosaur/set-in"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"type": "CVSS_V4"
}
],
"summary": "set-in Affected by Prototype Pollution"
}
GHSA-2CF2-2383-H4JV
Vulnerability from github – Published: 2021-05-07 16:16 – Updated: 2021-07-28 18:46querymen prior to 2.1.4 allows modification of object properties. The parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. This could be abused for Prototype Pollution attacks.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "querymen"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-7600"
],
"database_specific": {
"cwe_ids": [
"CWE-1321",
"CWE-915"
],
"github_reviewed": true,
"github_reviewed_at": "2021-05-03T19:11:22Z",
"nvd_published_at": "2020-03-12T23:15:00Z",
"severity": "MODERATE"
},
"details": "querymen prior to 2.1.4 allows modification of object properties. The parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. This could be abused for Prototype Pollution attacks.",
"id": "GHSA-2cf2-2383-h4jv",
"modified": "2021-07-28T18:46:07Z",
"published": "2021-05-07T16:16:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7600"
},
{
"type": "WEB",
"url": "https://github.com/diegohaz/querymen/commit/1987fefcb3b7508253a29502a008d5063a873cef"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/SNYK-JS-QUERYMEN-559867"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Improperly Controlled Modification of Dynamically-Determined Object Attributes in querymen"
}
GHSA-2CJR-5V3H-V2W4
Vulnerability from github – Published: 2026-04-22 22:05 – Updated: 2026-05-04 19:54Summary
A prototype pollution vulnerability in the mailbox store module allows attackers to modify the behavior of all JavaScript objects by injecting malicious properties into Object.prototype. The vulnerability exists in the _applyUpdate() and _updateRecord() functions which use Object.assign() to merge user-controlled data without filtering dangerous keys like __proto__, constructor, or prototype.
Details
The vulnerability exists in src/proxy/mailbox/store.js at lines 123 and 145:
// src/proxy/mailbox/store.js:115-128
_applyUpdate(row) {
if (row._op === 'update') {
const existing = this._index[row.id];
// VULNERABLE: Direct Object.assign without key filtering
if (existing) Object.assign(existing, row.fields);
else this._index[row.id] = row.fields;
}
// ...
}
// src/proxy/mailbox/store.js:138-150
_updateRecord(id, fields) {
const existing = this._index[id];
// VULNERABLE: Direct Object.assign without key filtering
if (existing) Object.assign(existing, fields);
// ...
}
The vulnerability can be triggered when an attacker has the ability to write to the messages.jsonl file (used for mailbox persistence). By crafting a malicious JSONL entry with __proto__ as a field key, the attacker can pollute the prototype of all objects.
The data flows from:
1. messages.jsonl file →
2. readLines() function (line 47) →
3. _rebuildIndex() (line 113) → _applyUpdate() (line 121) →
4. Object.assign() pollutes prototype
PoC
Prerequisites: - Node.js installed - Access to write to the mailbox messages file
Steps to reproduce:
- Create a test file demonstrating the vulnerability:
// test-prototype-pollution.js
const fs = require('fs');
const path = require('path');
// Simulate the vulnerable Store class logic
class VulnerableStore {
constructor(filePath) {
this.filePath = filePath;
this._index = {};
}
load() {
if (!fs.existsSync(this.filePath)) return;
const lines = fs.readFileSync(this.filePath, 'utf8').split('\n');
for (const line of lines) {
if (!line.trim()) continue;
try {
const row = JSON.parse(line);
this._applyUpdate(row);
} catch (e) {
// Ignore parse errors
}
}
}
_applyUpdate(row) {
if (row._op === 'update') {
const existing = this._index[row.id];
// VULNERABLE: No filtering of dangerous keys
if (existing) Object.assign(existing, row.fields);
else this._index[row.id] = row.fields;
}
}
update(id, fields) {
this._updateRecord(id, fields);
}
_updateRecord(id, fields) {
const existing = this._index[id];
// VULNERABLE: No filtering of dangerous keys
if (existing) Object.assign(existing, fields);
else this._index[id] = fields;
}
}
// Test the vulnerability
console.log('=== Testing Prototype Pollution ===\n');
// Create a malicious messages.jsonl file
const maliciousContent = JSON.stringify({
_op: 'update',
id: 'msg-123',
fields: {
__proto__: {
polluted: true,
isAdmin: true
},
normalField: 'normalValue'
}
}) + '\n';
const testDir = '/tmp/evolver-pollution-test';
if (!fs.existsSync(testDir)) fs.mkdirSync(testDir, { recursive: true });
const testFile = path.join(testDir, 'messages.jsonl');
fs.writeFileSync(testFile, maliciousContent);
console.log('Created malicious messages.jsonl');
// Load the store (this triggers the vulnerability)
const store = new VulnerableStore(testFile);
store.load();
// Check if prototype was polluted
console.log('\n=== Checking for prototype pollution ===');
const testObj = {};
console.log('testObj.polluted:', testObj.polluted);
console.log('testObj.isAdmin:', testObj.isAdmin);
if (testObj.polluted === true) {
console.log('\n🔴 VULNERABILITY CONFIRMED: Object prototype was polluted!');
console.log('All objects now have "polluted" and "isAdmin" properties.');
} else {
console.log('\n🟡 Prototype pollution may require different payload structure');
}
// Demonstrate impact - bypassing authentication check
console.log('\n=== Impact Demonstration ===');
function checkAdmin(user) {
// Typical pattern that would be vulnerable
if (user.isAdmin) {
return 'Access granted - Admin privileges';
}
return 'Access denied';
}
const regularUser = { name: 'normal_user' };
console.log('Regular user check:', checkAdmin(regularUser));
// Cleanup
fs.rmSync(testDir, { recursive: true });
- Run the test:
node test-prototype-pollution.js
Expected output:
=== Checking for prototype pollution ===
testObj.polluted: true
testObj.isAdmin: true
🔴 VULNERABILITY CONFIRMED: Object prototype was polluted!
All objects now have "polluted" and "isAdmin" properties.
=== Impact Demonstration ===
Regular user check: Access granted - Admin privileges
Note: Modern Node.js versions have some prototype pollution protections. For a successful exploit, the attacker might need to use alternative property paths like constructor.prototype.isAdmin.
Attack scenario: If an attacker can write to the mailbox messages file (e.g., through file upload, path traversal, or compromised backup restore), they can:
{"_op":"update","id":"malicious","fields":{"__proto__":{"isAdmin":true,"canExecuteArbitraryCode":true}}}
Impact
This is a Prototype Pollution vulnerability that can lead to: - Property injection affecting all JavaScript objects - Authentication/authorization bypass - Application logic manipulation - Denial of service via prototype corruption - Potential remote code execution if polluted properties affect security-critical code paths
Attack requirements: The attacker needs write access to the messages.jsonl file. This could be achieved through:
- File upload vulnerabilities
- Path traversal (combined with the Arbitrary File Write vulnerability in the fetch command)
- Compromised backup files
- Shared hosting environments
Affected users: Anyone using the mailbox functionality in multi-user environments or with persistent message storage.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "@evomap/evolver"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.69.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-42077"
],
"database_specific": {
"cwe_ids": [
"CWE-1321"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-22T22:05:28Z",
"nvd_published_at": "2026-05-04T17:16:24Z",
"severity": "MODERATE"
},
"details": "### Summary\nA prototype pollution vulnerability in the mailbox store module allows attackers to modify the behavior of all JavaScript objects by injecting malicious properties into `Object.prototype`. The vulnerability exists in the `_applyUpdate()` and `_updateRecord()` functions which use `Object.assign()` to merge user-controlled data without filtering dangerous keys like `__proto__`, `constructor`, or `prototype`.\n\n### Details\nThe vulnerability exists in `src/proxy/mailbox/store.js` at lines 123 and 145:\n\n```javascript\n// src/proxy/mailbox/store.js:115-128\n_applyUpdate(row) {\n if (row._op === \u0027update\u0027) {\n const existing = this._index[row.id];\n // VULNERABLE: Direct Object.assign without key filtering\n if (existing) Object.assign(existing, row.fields);\n else this._index[row.id] = row.fields;\n }\n // ...\n}\n\n// src/proxy/mailbox/store.js:138-150\n_updateRecord(id, fields) {\n const existing = this._index[id];\n // VULNERABLE: Direct Object.assign without key filtering\n if (existing) Object.assign(existing, fields);\n // ...\n}\n```\n\nThe vulnerability can be triggered when an attacker has the ability to write to the `messages.jsonl` file (used for mailbox persistence). By crafting a malicious JSONL entry with `__proto__` as a field key, the attacker can pollute the prototype of all objects.\n\nThe data flows from:\n1. `messages.jsonl` file \u2192 \n2. `readLines()` function (line 47) \u2192 \n3. `_rebuildIndex()` (line 113) \u2192 `_applyUpdate()` (line 121) \u2192 \n4. `Object.assign()` pollutes prototype\n\n### PoC\n\n**Prerequisites:**\n- Node.js installed\n- Access to write to the mailbox messages file\n\n**Steps to reproduce:**\n\n1. Create a test file demonstrating the vulnerability:\n\n```javascript\n// test-prototype-pollution.js\nconst fs = require(\u0027fs\u0027);\nconst path = require(\u0027path\u0027);\n\n// Simulate the vulnerable Store class logic\nclass VulnerableStore {\n constructor(filePath) {\n this.filePath = filePath;\n this._index = {};\n }\n\n load() {\n if (!fs.existsSync(this.filePath)) return;\n const lines = fs.readFileSync(this.filePath, \u0027utf8\u0027).split(\u0027\\n\u0027);\n for (const line of lines) {\n if (!line.trim()) continue;\n try {\n const row = JSON.parse(line);\n this._applyUpdate(row);\n } catch (e) {\n // Ignore parse errors\n }\n }\n }\n\n _applyUpdate(row) {\n if (row._op === \u0027update\u0027) {\n const existing = this._index[row.id];\n // VULNERABLE: No filtering of dangerous keys\n if (existing) Object.assign(existing, row.fields);\n else this._index[row.id] = row.fields;\n }\n }\n\n update(id, fields) {\n this._updateRecord(id, fields);\n }\n\n _updateRecord(id, fields) {\n const existing = this._index[id];\n // VULNERABLE: No filtering of dangerous keys\n if (existing) Object.assign(existing, fields);\n else this._index[id] = fields;\n }\n}\n\n// Test the vulnerability\nconsole.log(\u0027=== Testing Prototype Pollution ===\\n\u0027);\n\n// Create a malicious messages.jsonl file\nconst maliciousContent = JSON.stringify({\n _op: \u0027update\u0027,\n id: \u0027msg-123\u0027,\n fields: {\n __proto__: {\n polluted: true,\n isAdmin: true\n },\n normalField: \u0027normalValue\u0027\n }\n}) + \u0027\\n\u0027;\n\nconst testDir = \u0027/tmp/evolver-pollution-test\u0027;\nif (!fs.existsSync(testDir)) fs.mkdirSync(testDir, { recursive: true });\nconst testFile = path.join(testDir, \u0027messages.jsonl\u0027);\n\nfs.writeFileSync(testFile, maliciousContent);\nconsole.log(\u0027Created malicious messages.jsonl\u0027);\n\n// Load the store (this triggers the vulnerability)\nconst store = new VulnerableStore(testFile);\nstore.load();\n\n// Check if prototype was polluted\nconsole.log(\u0027\\n=== Checking for prototype pollution ===\u0027);\nconst testObj = {};\nconsole.log(\u0027testObj.polluted:\u0027, testObj.polluted);\nconsole.log(\u0027testObj.isAdmin:\u0027, testObj.isAdmin);\n\nif (testObj.polluted === true) {\n console.log(\u0027\\n\ud83d\udd34 VULNERABILITY CONFIRMED: Object prototype was polluted!\u0027);\n console.log(\u0027All objects now have \"polluted\" and \"isAdmin\" properties.\u0027);\n} else {\n console.log(\u0027\\n\ud83d\udfe1 Prototype pollution may require different payload structure\u0027);\n}\n\n// Demonstrate impact - bypassing authentication check\nconsole.log(\u0027\\n=== Impact Demonstration ===\u0027);\nfunction checkAdmin(user) {\n // Typical pattern that would be vulnerable\n if (user.isAdmin) {\n return \u0027Access granted - Admin privileges\u0027;\n }\n return \u0027Access denied\u0027;\n}\n\nconst regularUser = { name: \u0027normal_user\u0027 };\nconsole.log(\u0027Regular user check:\u0027, checkAdmin(regularUser));\n\n// Cleanup\nfs.rmSync(testDir, { recursive: true });\n```\n\n2. Run the test:\n```bash\nnode test-prototype-pollution.js\n```\n\n**Expected output:**\n```\n=== Checking for prototype pollution ===\ntestObj.polluted: true\ntestObj.isAdmin: true\n\n\ud83d\udd34 VULNERABILITY CONFIRMED: Object prototype was polluted!\nAll objects now have \"polluted\" and \"isAdmin\" properties.\n\n=== Impact Demonstration ===\nRegular user check: Access granted - Admin privileges\n```\n\n**Note:** Modern Node.js versions have some prototype pollution protections. For a successful exploit, the attacker might need to use alternative property paths like `constructor.prototype.isAdmin`.\n\n**Attack scenario:**\nIf an attacker can write to the mailbox messages file (e.g., through file upload, path traversal, or compromised backup restore), they can:\n```jsonl\n{\"_op\":\"update\",\"id\":\"malicious\",\"fields\":{\"__proto__\":{\"isAdmin\":true,\"canExecuteArbitraryCode\":true}}}\n```\n\n### Impact\nThis is a **Prototype Pollution** vulnerability that can lead to:\n- Property injection affecting all JavaScript objects\n- Authentication/authorization bypass\n- Application logic manipulation\n- Denial of service via prototype corruption\n- Potential remote code execution if polluted properties affect security-critical code paths\n\n**Attack requirements:** The attacker needs write access to the `messages.jsonl` file. This could be achieved through:\n- File upload vulnerabilities\n- Path traversal (combined with the Arbitrary File Write vulnerability in the fetch command)\n- Compromised backup files\n- Shared hosting environments\n\n**Affected users:** Anyone using the mailbox functionality in multi-user environments or with persistent message storage.",
"id": "GHSA-2cjr-5v3h-v2w4",
"modified": "2026-05-04T19:54:38Z",
"published": "2026-04-22T22:05:28Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/EvoMap/evolver/security/advisories/GHSA-2cjr-5v3h-v2w4"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42077"
},
{
"type": "PACKAGE",
"url": "https://github.com/EvoMap/evolver"
},
{
"type": "WEB",
"url": "https://github.com/EvoMap/evolver/releases/tag/v1.69.3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H",
"type": "CVSS_V3"
}
],
"summary": "Evolver has Prototype Pollution via `Object.assign()` in its mailbox store operations"
}
GHSA-2CP6-34R9-54XX
Vulnerability from github – Published: 2026-01-29 15:18 – Updated: 2026-01-29 15:18Summary
The makerjs.extendObject function copies properties from source objects without proper validation, potentially exposing applications to security risks. The function lacks hasOwnProperty() checks and does not filter dangerous keys, allowing inherited properties and potentially malicious properties to be copied to target objects.
Details
The extendObject function iterates over source object properties using a for...in loop without:
1. Checking hasOwnProperty() to exclude inherited properties
2. Filtering dangerous keys (__proto__, constructor, prototype)
3. Validating property sources
Affected Code
File: https://github.com/microsoft/maker.js/blob/98cffa82a372ff942194c925a12a311253587167/packages/maker.js/src/core/maker.ts#L232-L241
PoC
const makerjs = require('makerjs');
const source = { __proto__: { name: 'Ravi', isAdmin: true } };
const target = { name: 'user' };
const result = makerjs.extendObject(target, source);
console.log(result.name); // Ravi
console.log(result.isAdmin); // true
Impact
Security Implications
-
Unexpected Behavior: Properties may appear on target objects but not be own properties, breaking
hasOwnProperty()assumptions in security-sensitive code. -
Security Bypass Risk: Code relying on
hasOwnProperty()for validation could be bypassed. -
Future Risk: Lack of dangerous key filtering (
__proto__,constructor,prototype) exposes potential attack vectors.
Affected Use Cases
- Extending objects from user input or external APIs
- Merging options from untrusted sources
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 0.19.1"
},
"package": {
"ecosystem": "npm",
"name": "makerjs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.19.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-24888"
],
"database_specific": {
"cwe_ids": [
"CWE-1321"
],
"github_reviewed": true,
"github_reviewed_at": "2026-01-29T15:18:33Z",
"nvd_published_at": "2026-01-28T22:15:56Z",
"severity": "MODERATE"
},
"details": "### Summary\nThe `makerjs.extendObject` function copies properties from source objects without proper validation, potentially exposing applications to security risks. The function lacks `hasOwnProperty()` checks and does not filter dangerous keys, allowing inherited properties and potentially malicious properties to be copied to target objects.\n\n### Details\nThe `extendObject` function iterates over source object properties using a `for...in` loop without:\n1. Checking `hasOwnProperty()` to exclude inherited properties\n2. Filtering dangerous keys (`__proto__`, `constructor`, `prototype`)\n3. Validating property sources\n\n### Affected Code\n\n**File**: https://github.com/microsoft/maker.js/blob/98cffa82a372ff942194c925a12a311253587167/packages/maker.js/src/core/maker.ts#L232-L241\n\n\n\n### PoC\n```javascript\nconst makerjs = require(\u0027makerjs\u0027);\n\nconst source = { __proto__: { name: \u0027Ravi\u0027, isAdmin: true } };\nconst target = { name: \u0027user\u0027 };\nconst result = makerjs.extendObject(target, source);\n\nconsole.log(result.name); // Ravi\nconsole.log(result.isAdmin); // true\n```\n\n\n### Impact\n### Security Implications\n\n1. **Unexpected Behavior**: Properties may appear on target objects but not be own properties, breaking `hasOwnProperty()` assumptions in security-sensitive code.\n\n2. **Security Bypass Risk**: Code relying on `hasOwnProperty()` for validation could be bypassed.\n\n3. **Future Risk**: Lack of dangerous key filtering (`__proto__`, `constructor`, `prototype`) exposes potential attack vectors.\n\n### Affected Use Cases\n\n- Extending objects from user input or external APIs\n- Merging options from untrusted sources",
"id": "GHSA-2cp6-34r9-54xx",
"modified": "2026-01-29T15:18:33Z",
"published": "2026-01-29T15:18:33Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/microsoft/maker.js/security/advisories/GHSA-2cp6-34r9-54xx"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24888"
},
{
"type": "WEB",
"url": "https://github.com/microsoft/maker.js/commit/85e0f12bd868974b891601a141974f929dec36b8"
},
{
"type": "PACKAGE",
"url": "https://github.com/microsoft/maker.js"
},
{
"type": "WEB",
"url": "https://github.com/microsoft/maker.js/blob/98cffa82a372ff942194c925a12a311253587167/packages/maker.js/src/core/maker.ts#L232-L241"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Maker.js has Unsafe Property Copying in makerjs.extendObject"
}
GHSA-2F6G-W5GJ-C93H
Vulnerability from github – Published: 2021-04-13 15:20 – Updated: 2021-03-22 23:02This affects all versions of package iniparserjs. This vulnerability relates when ini_parser.js is concentrating arrays. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "iniparserjs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.0.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-23328"
],
"database_specific": {
"cwe_ids": [
"CWE-1321"
],
"github_reviewed": true,
"github_reviewed_at": "2021-03-22T23:02:01Z",
"nvd_published_at": "2021-01-29T17:15:00Z",
"severity": "MODERATE"
},
"details": "This affects all versions of package iniparserjs. This vulnerability relates when ini_parser.js is concentrating arrays. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.",
"id": "GHSA-2f6g-w5gj-c93h",
"modified": "2021-03-22T23:02:01Z",
"published": "2021-04-13T15:20:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23328"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/SNYK-JS-INIPARSERJS-1065989"
},
{
"type": "WEB",
"url": "https://www.npmjs.com/package/iniparserjs"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
],
"summary": "Prototype Pollution in iniparserjs"
}
GHSA-2G4C-8FPM-C46V
Vulnerability from github – Published: 2024-03-27 21:57 – Updated: 2024-03-27 21:57Impact:
The mergeDeep() function in the web3-utils package has been identified for Prototype Pollution vulnerability. An attacker has the ability to modify an object's prototype, which could result in changing the behavior of all objects that inherit from the impacted prototype by providing carefully crafted input to function.
Patches:
It has been fixed in web3-utils version 4.2.1 so all packages and apps depending on web3-utils >=4.0.1 and <=4.2.0 should upgrade to web3-utils 4.2.1.
Workarounds:
None
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "web3-utils"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.1"
},
{
"fixed": "4.2.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-21505"
],
"database_specific": {
"cwe_ids": [
"CWE-1321"
],
"github_reviewed": true,
"github_reviewed_at": "2024-03-27T21:57:42Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "### Impact: \nThe mergeDeep() function in the web3-utils package has been identified for Prototype Pollution vulnerability. An attacker has the ability to modify an object\u0027s prototype, which could result in changing the behavior of all objects that inherit from the impacted prototype by providing carefully crafted input to function.\n\n### Patches: \nIt has been fixed in web3-utils version 4.2.1 so all packages and apps depending on web3-utils \u003e=4.0.1 and \u003c=4.2.0 should upgrade to web3-utils 4.2.1.\n\n### Workarounds: \nNone\n",
"id": "GHSA-2g4c-8fpm-c46v",
"modified": "2024-03-27T21:57:42Z",
"published": "2024-03-27T21:57:42Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/web3/web3.js/security/advisories/GHSA-2g4c-8fpm-c46v"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21505"
},
{
"type": "WEB",
"url": "https://github.com/web3/web3.js/commit/8ed041c6635d807b3da8960ad49e125e3d1b0e80"
},
{
"type": "PACKAGE",
"url": "https://github.com/web3/web3.js"
},
{
"type": "WEB",
"url": "https://security.snyk.io/vuln/SNYK-JS-WEB3UTILS-6229337"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "web3-utils Prototype Pollution vulnerability"
}
Mitigation
By freezing the object prototype first (for example, Object.freeze(Object.prototype)), modification of the prototype becomes impossible.
Mitigation
By blocking modifications of attributes that resolve to object prototype, such as proto or prototype, this weakness can be mitigated.
Mitigation
Strategy: Input Validation
When handling untrusted objects, validating using a schema can be used.
Mitigation
By using an object without prototypes (via Object.create(null) ), adding object prototype attributes by accessing the prototype via the special attributes becomes impossible, mitigating this weakness.
Mitigation
Map can be used instead of objects in most cases. If Map methods are used instead of object attributes, it is not possible to access the object prototype or modify it.
CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs
In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application's functionality; particularly URL's for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to.
CAPEC-180: Exploiting Incorrectly Configured Access Control Security Levels
An attacker exploits a weakness in the configuration of access controls and is able to bypass the intended protection that these measures guard against and thereby obtain unauthorized access to the system or network. Sensitive functionality should always be protected with access controls. However configuring all but the most trivial access control systems can be very complicated and there are many opportunities for mistakes. If an attacker can learn of incorrectly configured access security settings, they may be able to exploit this in an attack.
CAPEC-77: Manipulating User-Controlled Variables
This attack targets user controlled variables (DEBUG=1, PHP Globals, and So Forth). An adversary can override variables leveraging user-supplied, untrusted query variables directly used on the application server without any data sanitization. In extreme cases, the adversary can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.