Common Weakness Enumeration

CWE-1321

Allowed

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Abstraction: Variant · Status: Incomplete

The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.

780 vulnerabilities reference this CWE, most recent first.

GHSA-53RP-33P8-4HM8

Vulnerability from github – Published: 2025-02-06 06:31 – Updated: 2025-02-06 15:32
VLAI
Details

A prototype pollution in the lib.merge function of xe-utils v3.5.31 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-57074"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321",
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-05T22:15:31Z",
    "severity": "HIGH"
  },
  "details": "A prototype pollution in the lib.merge function of xe-utils v3.5.31 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.",
  "id": "GHSA-53rp-33p8-4hm8",
  "modified": "2025-02-06T15:32:52Z",
  "published": "2025-02-06T06:31:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57074"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/tariqhawis/82e3eb472d03273a74e40242e8356297"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-54XV-94QV-2GFG

Vulnerability from github – Published: 2025-07-10 17:43 – Updated: 2025-07-10 23:23
VLAI
Summary
@pdfme/common vulnerable to to XSS and Prototype Pollution through its expression evaluation
Details

Summary

The expression evaluation feature in pdfme 5.2.0 to 5.4.0 contains critical vulnerabilities allowing sandbox escape leading to XSS and prototype pollution attacks.

Details

1. Sandbox Escape Leading to XSS

The expression evaluator's sandbox can be bypassed to execute arbitrary JavaScript code. Attackers can obtain the Function constructor through indirect methods:

// Attack vector 1: Using Object.getOwnPropertyDescriptor
{ ((f, g) => f(g(Object), "constructor").value)(Object.getOwnPropertyDescriptor, Object.getPrototypeOf)("alert(location)")() }

// Attack vector 2: Using object property access
{ { f: Object.getOwnPropertyDescriptor }.f({ g: Object.getPrototypeOf }.g(Object), "constructor").value("alert(location)")() }

Both payloads bypass the sandbox restrictions and execute Function("alert(location)")().

2. Prototype Pollution

The expression evaluator allows access to prototype accessor methods which can be exploited with Object.assign to pollute the prototype chain: - __lookupGetter__ - __lookupSetter__ - __defineGetter__ - __defineSetter__

Impact

These vulnerabilities allow attackers to: - Execute arbitrary JavaScript code in the context of the application - Steal sensitive information including cookies and tokens - Modify application behavior through prototype pollution - Potentially perform actions on behalf of users

Proof of Concept

Loading the following template in pdfme triggers alert(location):

{
  "schemas": [[{
    "name": "field1",
    "type": "text",
    "content": "{ ((f, g) => f(g(Object), 'constructor').value)(Object.getOwnPropertyDescriptor, Object.getPrototypeOf)('alert(location)')() }",
    "position": { "x": 0, "y": 0 },
    "width": 100,
    "height": 100
  }]],
  "basePdf": { "width": 100, "height": 100 },
  "pdfmeVersion": "5.4.0"
}
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@pdfme/common"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.2.0"
            },
            {
              "fixed": "5.4.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-53626"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321",
      "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-07-10T17:43:52Z",
    "nvd_published_at": "2025-07-10T19:15:27Z",
    "severity": "MODERATE"
  },
  "details": "## Summary\nThe expression evaluation feature in pdfme 5.2.0 to 5.4.0 contains critical vulnerabilities allowing sandbox escape leading to XSS and prototype pollution attacks.\n\n## Details\n\n### 1. Sandbox Escape Leading to XSS\n\nThe expression evaluator\u0027s sandbox can be bypassed to execute arbitrary JavaScript code. Attackers can obtain the Function constructor through indirect methods:\n\n```javascript\n// Attack vector 1: Using Object.getOwnPropertyDescriptor\n{ ((f, g) =\u003e f(g(Object), \"constructor\").value)(Object.getOwnPropertyDescriptor, Object.getPrototypeOf)(\"alert(location)\")() }\n\n// Attack vector 2: Using object property access\n{ { f: Object.getOwnPropertyDescriptor }.f({ g: Object.getPrototypeOf }.g(Object), \"constructor\").value(\"alert(location)\")() }\n```\n\nBoth payloads bypass the sandbox restrictions and execute `Function(\"alert(location)\")()`.\n\n### 2. Prototype Pollution\n\nThe expression evaluator allows access to prototype accessor methods which can be exploited with Object.assign to pollute the prototype chain:\n- `__lookupGetter__`\n- `__lookupSetter__`\n- `__defineGetter__`\n- `__defineSetter__`\n\n## Impact\n\nThese vulnerabilities allow attackers to:\n- Execute arbitrary JavaScript code in the context of the application\n- Steal sensitive information including cookies and tokens\n- Modify application behavior through prototype pollution\n- Potentially perform actions on behalf of users\n\n## Proof of Concept\n\nLoading the following template in pdfme triggers `alert(location)`:\n\n```json\n{\n  \"schemas\": [[{\n    \"name\": \"field1\",\n    \"type\": \"text\",\n    \"content\": \"{ ((f, g) =\u003e f(g(Object), \u0027constructor\u0027).value)(Object.getOwnPropertyDescriptor, Object.getPrototypeOf)(\u0027alert(location)\u0027)() }\",\n    \"position\": { \"x\": 0, \"y\": 0 },\n    \"width\": 100,\n    \"height\": 100\n  }]],\n  \"basePdf\": { \"width\": 100, \"height\": 100 },\n  \"pdfmeVersion\": \"5.4.0\"\n}\n```",
  "id": "GHSA-54xv-94qv-2gfg",
  "modified": "2025-07-10T23:23:06Z",
  "published": "2025-07-10T17:43:52Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/pdfme/pdfme/security/advisories/GHSA-54xv-94qv-2gfg"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53626"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pdfme/pdfme/pull/1117"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pdfme/pdfme/commit/0dd54739acff2c249ed68c001a896bee38f0fd85"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/pdfme/pdfme"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pdfme/pdfme/releases/tag/5.4.1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "@pdfme/common vulnerable to to XSS and Prototype Pollution through its expression evaluation"
}

GHSA-587P-W43Q-4HJX

Vulnerability from github – Published: 2026-05-07 18:30 – Updated: 2026-05-12 16:19
VLAI
Summary
query-parser-string is vulnerable to Prototype Pollution
Details

NPM package query-parser-string 1.0.0 is vulnerable to Prototype Pollution. The package does not properly sanitize user supplied query parameters and merges them to the newly created object.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "query-string-parser"
      },
      "versions": [
        "1.0.0"
      ]
    }
  ],
  "aliases": [
    "CVE-2025-63704"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-12T16:19:25Z",
    "nvd_published_at": "2026-05-07T16:16:17Z",
    "severity": "CRITICAL"
  },
  "details": "NPM package query-parser-string 1.0.0 is vulnerable to Prototype Pollution. The package does not properly sanitize user supplied query parameters and merges them to the newly created object.",
  "id": "GHSA-587p-w43q-4hjx",
  "modified": "2026-05-12T16:19:25Z",
  "published": "2026-05-07T18:30:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-63704"
    },
    {
      "type": "WEB",
      "url": "https://github.com/victorteokw/query-string-parser/issues/3"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/6en6ar/d62f614dbb2b1032b5e45a56fe26ec8b"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/victorteokw/query-string-parser"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/package/query-string-parser?activeTab=readme"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "query-parser-string is vulnerable to Prototype Pollution"
}

GHSA-5888-FFCR-R425

Vulnerability from github – Published: 2022-02-09 22:20 – Updated: 2023-10-23 19:20
VLAI
Summary
Prototype Pollution leading to Remote Code Execution in superjson
Details

Impact

This is critical vulnerability, as it allows to run arbitrary code on any server using superjson input, including a Blitz.js server, without prior authentication or knowledge. Attackers gain full control over the server so they could steal and manipulate data or attack further systems. The only requirement is that the server implements at least one endpoint which uses superjson during request processing. In the case of Blitz.js, it would be at least one RPC call.

Patches

This has been patched in superjson 1.8.1 and Blitz.js 0.45.3.

If you are unable to upgrade to Blitz.js 0.45.3 in a timely manner, you can instead upgrade only superjson to version 1.8.1 using yarn resolutions are similar. Blitz versions < 0.45.3 are only affected because they used superjson versions < 1.8.1.

Workarounds

None

For more information

If you have any questions or comments about this advisory: * Open an issue in https://github.com/blitz-js/superjson * Email us at b@bayer.ws

References

  • https://www.sonarsource.com/blog/blitzjs-prototype-pollution/
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "superjson"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.8.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "blitz"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.45.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-23631"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321",
      "CWE-94"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-02-09T22:20:49Z",
    "nvd_published_at": "2022-02-09T22:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "### Impact\n\nThis is critical vulnerability, as it allows to run arbitrary code on any server using superjson input, including a Blitz.js server, without prior authentication or knowledge. Attackers gain full control over the server so they could steal and manipulate data or attack further systems. The only requirement is that the server implements at least one endpoint which uses superjson during request processing. In the case of Blitz.js, it would be at least one RPC call. \n\n### Patches\nThis has been patched in superjson 1.8.1 and Blitz.js 0.45.3. \n\nIf you are unable to upgrade to Blitz.js 0.45.3 in a timely manner, you can instead upgrade only superjson to version 1.8.1 using yarn resolutions are similar. Blitz versions \u003c 0.45.3 are only affected because they used superjson versions \u003c 1.8.1.\n\n### Workarounds\nNone\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in https://github.com/blitz-js/superjson\n* Email us at b@bayer.ws\n\n### References\n* https://www.sonarsource.com/blog/blitzjs-prototype-pollution/",
  "id": "GHSA-5888-ffcr-r425",
  "modified": "2023-10-23T19:20:21Z",
  "published": "2022-02-09T22:20:49Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/blitz-js/superjson/security/advisories/GHSA-5888-ffcr-r425"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23631"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-5888-ffcr-r425"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/blitz-js/superjson"
    },
    {
      "type": "WEB",
      "url": "https://www.sonarsource.com/blog/blitzjs-prototype-pollution"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Prototype Pollution leading to Remote Code Execution in superjson"
}

GHSA-58G2-9FQR-36Q2

Vulnerability from github – Published: 2021-09-02 22:01 – Updated: 2021-09-10 17:08
VLAI
Summary
Prototype Pollution in Proto
Details

This affects all versions of package Proto. It is possible to inject pollute the object property of an application using Proto by leveraging the merge function.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "Proto"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "1.1.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-23426"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-09-02T17:04:55Z",
    "nvd_published_at": "2021-09-01T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "This affects all versions of package Proto. It is possible to inject pollute the object property of an application using Proto by leveraging the merge function.",
  "id": "GHSA-58g2-9fqr-36q2",
  "modified": "2021-09-10T17:08:40Z",
  "published": "2021-09-02T22:01:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23426"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/adriancmiranda/Proto"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-JS-PROTO-1316301"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/package/Proto"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Prototype Pollution in Proto"
}

GHSA-5947-M4FG-XHQG

Vulnerability from github – Published: 2020-09-03 18:08 – Updated: 2020-08-31 18:46
VLAI
Summary
Prototype Pollution in lodash.mergewith
Details

Versions of lodash.mergewith before 4.6.1 are vulnerable to Prototype Pollution. The function 'mergeWith' may allow a malicious user to modify the prototype of Object via __proto__ causing the addition or modification of an existing property that will exist on all objects.

Recommendation

Update to version 4.6.1 or later.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "lodash.mergewith"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.6.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-08-31T18:46:11Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "Versions of `lodash.mergewith` before 4.6.1 are vulnerable to Prototype Pollution. The function \u0027mergeWith\u0027 may allow a malicious user to modify the prototype of `Object` via `__proto__` causing the addition or modification of an existing property that will exist on all objects.\n\n\n\n\n## Recommendation\n\nUpdate to version 4.6.1 or later.",
  "id": "GHSA-5947-m4fg-xhqg",
  "modified": "2020-08-31T18:46:11Z",
  "published": "2020-09-03T18:08:10Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/advisories/1069"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Prototype Pollution in lodash.mergewith"
}

GHSA-5F97-H2C2-826Q

Vulnerability from github – Published: 2024-05-20 18:31 – Updated: 2024-05-20 21:03
VLAI
Summary
json-schema-ref-parser Prototype Pollution issue
Details

A Prototype Pollution issue in API Dev Tools json-schema-ref-parser v.11.0.0 and v.11.1.0 allows a remote attacker to execute arbitrary code via the bundle(), parse(), resolve(), dereference() functions.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 11.1.0"
      },
      "package": {
        "ecosystem": "npm",
        "name": "@apidevtools/json-schema-ref-parser"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "11.0.0"
            },
            {
              "fixed": "11.2.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-29651"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-05-20T21:03:12Z",
    "nvd_published_at": "2024-05-20T18:15:10Z",
    "severity": "HIGH"
  },
  "details": "A Prototype Pollution issue in API Dev Tools json-schema-ref-parser v.11.0.0 and v.11.1.0 allows a remote attacker to execute arbitrary code via the `bundle()`, `parse()`, `resolve()`, `dereference()` functions.",
  "id": "GHSA-5f97-h2c2-826q",
  "modified": "2024-05-20T21:03:12Z",
  "published": "2024-05-20T18:31:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29651"
    },
    {
      "type": "WEB",
      "url": "https://github.com/APIDevTools/json-schema-ref-parser/commit/8cad7f72c15b198f4d0b5b1c8a3a979b2e4baa82"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/tariqhawis/5db76b38112bba756615b688c32409ad"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/APIDevTools/json-schema-ref-parser"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "json-schema-ref-parser Prototype Pollution issue"
}

GHSA-5FGG-JCPF-8JJW

Vulnerability from github – Published: 2026-04-22 17:40 – Updated: 2026-05-13 13:29
VLAI
Summary
i18next-http-middleware: Prototype pollution and path traversal via user-controlled language and namespace parameters
Details

Summary

Versions of i18next-http-middleware prior to 3.9.3 pass user-controlled lng and ns parameters to two internal paths that use them in ways that enable prototype pollution and, depending on the configured backend, path traversal or SSRF.

The vulnerable entry points are unauthenticated HTTP handlers that are part of the middleware's public API:

  • getResourcesHandler — reads lng/ns from query parameters or route params and passes them unvalidated to:
  • utils.setPath(resources, [lng, ns], ...) — the setPath helper did not guard against __proto__, constructor, or prototype keys, writing into Object.prototype when those values were supplied.
  • i18next.services.backendConnector.load(languages, namespaces, ...) — depending on the configured backend, unvalidated path segments enabled filesystem path traversal (e.g. with i18next-fs-backend) or SSRF (e.g. with i18next-http-backend).
  • A namespaces.forEach(ns => i18next.options.ns.push(ns)) loop additionally performed permanent, unbounded growth of the shared singleton namespace list.
  • missingKeyHandler — iterated the incoming request body with for...in, which traverses inherited prototype-chain properties. A POST body like {"__proto__": {"isAdmin": true}} was forwarded into saveMissing.

Impact

  • Prototype pollution — a single unauthenticated request of the form GET /locales/resources.json?lng=__proto__&ns=isAdmin writes into Object.prototype, affecting every plain object created subsequently in the Node.js process. This can break authorization checks (if (user.isAdmin)), cause denial of service via type confusion, or be chained into RCE depending on what downstream code reads from polluted objects.
  • Path traversal / SSRF — with filesystem or HTTP backends that interpolate lng/ns into paths or URLs, attacker-controlled values like ns=../../etc/passwd or lng=internal-service could reach resources outside the intended scope.
  • Denial of service — the unbounded i18next.options.ns growth, plus repeated backend load calls, enabled memory and CPU exhaustion from unique namespace payloads.

Affected versions

< 3.9.3.

Patch

Fixed in 3.9.3. The patch:

  1. Blocks __proto__, constructor, and prototype keys in utils.setPath.
  2. Replaces the for...in body iteration in missingKeyHandler with Object.keys() plus an explicit dangerous-keys guard.
  3. Introduces a utils.isSafeIdentifier helper (denylist approach — still permits any legitimate i18next language code shape) that filters lng/ns values for path-traversal, path separators, control characters, prototype keys, and over-long inputs before they reach the backend connector and before they are pushed into i18next.options.ns.

Workarounds

No workaround short of upgrading. Front-proxying the middleware with a WAF rule that rejects requests containing __proto__, constructor, prototype, .., or control characters in lng/ns query parameters or body keys is a partial mitigation.

Credits

Discovered via an internal security audit of the i18next ecosystem.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "i18next-http-middleware"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.9.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-41690"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321",
      "CWE-22"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-22T17:40:47Z",
    "nvd_published_at": "2026-05-08T16:16:11Z",
    "severity": "HIGH"
  },
  "details": "### Summary\n\nVersions of `i18next-http-middleware` prior to 3.9.3 pass user-controlled `lng` and `ns` parameters to two internal paths that use them in ways that enable prototype pollution and, depending on the configured backend, path traversal or SSRF.\n\nThe vulnerable entry points are unauthenticated HTTP handlers that are part of the middleware\u0027s public API:\n\n- `getResourcesHandler` \u2014 reads `lng`/`ns` from query parameters or route params and passes them unvalidated to:\n  - `utils.setPath(resources, [lng, ns], ...)` \u2014 the `setPath` helper did not guard against `__proto__`, `constructor`, or `prototype` keys, writing into `Object.prototype` when those values were supplied.\n  - `i18next.services.backendConnector.load(languages, namespaces, ...)` \u2014 depending on the configured backend, unvalidated path segments enabled filesystem path traversal (e.g. with `i18next-fs-backend`) or SSRF (e.g. with `i18next-http-backend`).\n  - A `namespaces.forEach(ns =\u003e i18next.options.ns.push(ns))` loop additionally performed permanent, unbounded growth of the shared singleton namespace list.\n- `missingKeyHandler` \u2014 iterated the incoming request body with `for...in`, which traverses inherited prototype-chain properties. A POST body like `{\"__proto__\": {\"isAdmin\": true}}` was forwarded into `saveMissing`.\n\n### Impact\n\n- **Prototype pollution** \u2014 a single unauthenticated request of the form `GET /locales/resources.json?lng=__proto__\u0026ns=isAdmin` writes into `Object.prototype`, affecting every plain object created subsequently in the Node.js process. This can break authorization checks (`if (user.isAdmin)`), cause denial of service via type confusion, or be chained into RCE depending on what downstream code reads from polluted objects.\n- **Path traversal / SSRF** \u2014 with filesystem or HTTP backends that interpolate `lng`/`ns` into paths or URLs, attacker-controlled values like `ns=../../etc/passwd` or `lng=internal-service` could reach resources outside the intended scope.\n- **Denial of service** \u2014 the unbounded `i18next.options.ns` growth, plus repeated backend load calls, enabled memory and CPU exhaustion from unique namespace payloads.\n\n### Affected versions\n\n`\u003c 3.9.3`.\n\n### Patch\n\nFixed in **3.9.3**. The patch:\n\n1. Blocks `__proto__`, `constructor`, and `prototype` keys in `utils.setPath`.\n2. Replaces the `for...in` body iteration in `missingKeyHandler` with `Object.keys()` plus an explicit dangerous-keys guard.\n3. Introduces a `utils.isSafeIdentifier` helper (denylist approach \u2014 still permits any legitimate i18next language code shape) that filters `lng`/`ns` values for path-traversal, path separators, control characters, prototype keys, and over-long inputs before they reach the backend connector and before they are pushed into `i18next.options.ns`.\n\n### Workarounds\n\nNo workaround short of upgrading. Front-proxying the middleware with a WAF rule that rejects requests containing `__proto__`, `constructor`, `prototype`, `..`, or control characters in `lng`/`ns` query parameters or body keys is a partial mitigation.\n\n### Credits\n\nDiscovered via an internal security audit of the i18next ecosystem.",
  "id": "GHSA-5fgg-jcpf-8jjw",
  "modified": "2026-05-13T13:29:51Z",
  "published": "2026-04-22T17:40:47Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/i18next/i18next-http-middleware/security/advisories/GHSA-5fgg-jcpf-8jjw"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41690"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/i18next/i18next-http-middleware"
    },
    {
      "type": "WEB",
      "url": "https://www.i18next.com/how-to/faq#how-should-the-language-codes-be-formatted"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "i18next-http-middleware: Prototype pollution and path traversal via user-controlled language and namespace parameters"
}

GHSA-5J86-7R7M-P8H6

Vulnerability from github – Published: 2026-03-10 00:57 – Updated: 2026-03-10 18:44
VLAI
Summary
Parse Server has Denial of Service (DoS) and Cloud Function Dispatch Bypass via Prototype Chain Resolution
Details

Impact

An unauthenticated attacker can crash the Parse Server process by calling a Cloud Function endpoint with a prototype property name as the function name. The server recurses infinitely, causing a call stack size error that terminates the process.

Other prototype property names bypass Cloud Function dispatch validation and return HTTP 200 responses, even though no such Cloud Functions are defined. The same applies to dot-notation traversal.

All Parse Server deployments that expose the Cloud Function endpoint are affected.

Patches

The internal handler registries for Cloud Functions, Jobs, Triggers, and Validators have been changed to prevent prototype chain properties from being resolved.

Workarounds

Place a reverse proxy or WAF in front of Parse Server and block requests to Object.prototype property names.

References

  • GitHub security advisory: https://github.com/parse-community/parse-server/security/advisories/GHSA-5j86-7r7m-p8h6
  • Fix Parse Server 9: https://github.com/parse-community/parse-server/releases/tag/9.5.1-alpha.2
  • Fix Parse Server 8: https://github.com/parse-community/parse-server/releases/tag/8.6.13
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "parse-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.6.13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "parse-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.0.0-alpha.1"
            },
            {
              "fixed": "9.5.1-alpha.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-30939"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-10T00:57:57Z",
    "nvd_published_at": "2026-03-10T18:18:53Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\nAn unauthenticated attacker can crash the Parse Server process by calling a Cloud Function endpoint with a prototype property name as the function name. The server recurses infinitely, causing a call stack size error that terminates the process.\n\nOther prototype property names bypass Cloud Function dispatch validation and return HTTP 200 responses, even though no such Cloud Functions are defined. The same applies to dot-notation traversal.\n\nAll Parse Server deployments that expose the Cloud Function endpoint are affected.\n\n### Patches\n\nThe internal handler registries for Cloud Functions, Jobs, Triggers, and Validators have been changed to prevent prototype chain properties from being resolved.\n\n### Workarounds\n\nPlace a reverse proxy or WAF in front of Parse Server and block requests to `Object.prototype` property names.\n\n### References\n\n- GitHub security advisory: https://github.com/parse-community/parse-server/security/advisories/GHSA-5j86-7r7m-p8h6\n- Fix Parse Server 9: https://github.com/parse-community/parse-server/releases/tag/9.5.1-alpha.2\n- Fix Parse Server 8: https://github.com/parse-community/parse-server/releases/tag/8.6.13",
  "id": "GHSA-5j86-7r7m-p8h6",
  "modified": "2026-03-10T18:44:51Z",
  "published": "2026-03-10T00:57:57Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-5j86-7r7m-p8h6"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30939"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/parse-community/parse-server"
    },
    {
      "type": "WEB",
      "url": "https://github.com/parse-community/parse-server/releases/tag/8.6.13"
    },
    {
      "type": "WEB",
      "url": "https://github.com/parse-community/parse-server/releases/tag/9.5.1-alpha.2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Parse Server has Denial of Service (DoS) and Cloud Function Dispatch Bypass via Prototype Chain Resolution"
}

GHSA-5P42-M6F3-HPMJ

Vulnerability from github – Published: 2023-08-17 00:30 – Updated: 2023-08-24 22:28
VLAI
Summary
tree-kit Prototype Pollution vulnerability
Details

A Prototype Pollution issue in Cronvel Tree-kit v.0.7.4 and before allows a remote attacker to execute arbitrary code via the extend function.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "tree-kit"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.7.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-38894"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-08-17T19:06:27Z",
    "nvd_published_at": "2023-08-16T22:15:13Z",
    "severity": "CRITICAL"
  },
  "details": "A Prototype Pollution issue in Cronvel Tree-kit v.0.7.4 and before allows a remote attacker to execute arbitrary code via the extend function.",
  "id": "GHSA-5p42-m6f3-hpmj",
  "modified": "2023-08-24T22:28:41Z",
  "published": "2023-08-17T00:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38894"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cronvel/tree-kit/commit/61bf10cf0dbddaeea3f198cfe7cb469f360d82bc"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/cronvel/tree-kit"
    },
    {
      "type": "WEB",
      "url": "https://www.code-intelligence.com/blog/treekit-prototype-pollution-cve-2023-38894"
    },
    {
      "type": "WEB",
      "url": "http://tree-kit.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "tree-kit Prototype Pollution vulnerability"
}

Mitigation
Implementation

By freezing the object prototype first (for example, Object.freeze(Object.prototype)), modification of the prototype becomes impossible.

Mitigation
Architecture and Design

By blocking modifications of attributes that resolve to object prototype, such as proto or prototype, this weakness can be mitigated.

Mitigation
Implementation

Strategy: Input Validation

When handling untrusted objects, validating using a schema can be used.

Mitigation
Implementation

By using an object without prototypes (via Object.create(null) ), adding object prototype attributes by accessing the prototype via the special attributes becomes impossible, mitigating this weakness.

Mitigation
Implementation

Map can be used instead of objects in most cases. If Map methods are used instead of object attributes, it is not possible to access the object prototype or modify it.

CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs

In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application's functionality; particularly URL's for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to.

CAPEC-180: Exploiting Incorrectly Configured Access Control Security Levels

An attacker exploits a weakness in the configuration of access controls and is able to bypass the intended protection that these measures guard against and thereby obtain unauthorized access to the system or network. Sensitive functionality should always be protected with access controls. However configuring all but the most trivial access control systems can be very complicated and there are many opportunities for mistakes. If an attacker can learn of incorrectly configured access security settings, they may be able to exploit this in an attack.

CAPEC-77: Manipulating User-Controlled Variables

This attack targets user controlled variables (DEBUG=1, PHP Globals, and So Forth). An adversary can override variables leveraging user-supplied, untrusted query variables directly used on the application server without any data sanitization. In extreme cases, the adversary can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.