CWE-1321
AllowedImproperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Abstraction: Variant · Status: Incomplete
The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.
780 vulnerabilities reference this CWE, most recent first.
GHSA-53RP-33P8-4HM8
Vulnerability from github – Published: 2025-02-06 06:31 – Updated: 2025-02-06 15:32A prototype pollution in the lib.merge function of xe-utils v3.5.31 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.
{
"affected": [],
"aliases": [
"CVE-2024-57074"
],
"database_specific": {
"cwe_ids": [
"CWE-1321",
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-05T22:15:31Z",
"severity": "HIGH"
},
"details": "A prototype pollution in the lib.merge function of xe-utils v3.5.31 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.",
"id": "GHSA-53rp-33p8-4hm8",
"modified": "2025-02-06T15:32:52Z",
"published": "2025-02-06T06:31:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57074"
},
{
"type": "WEB",
"url": "https://gist.github.com/tariqhawis/82e3eb472d03273a74e40242e8356297"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-54XV-94QV-2GFG
Vulnerability from github – Published: 2025-07-10 17:43 – Updated: 2025-07-10 23:23Summary
The expression evaluation feature in pdfme 5.2.0 to 5.4.0 contains critical vulnerabilities allowing sandbox escape leading to XSS and prototype pollution attacks.
Details
1. Sandbox Escape Leading to XSS
The expression evaluator's sandbox can be bypassed to execute arbitrary JavaScript code. Attackers can obtain the Function constructor through indirect methods:
// Attack vector 1: Using Object.getOwnPropertyDescriptor
{ ((f, g) => f(g(Object), "constructor").value)(Object.getOwnPropertyDescriptor, Object.getPrototypeOf)("alert(location)")() }
// Attack vector 2: Using object property access
{ { f: Object.getOwnPropertyDescriptor }.f({ g: Object.getPrototypeOf }.g(Object), "constructor").value("alert(location)")() }
Both payloads bypass the sandbox restrictions and execute Function("alert(location)")().
2. Prototype Pollution
The expression evaluator allows access to prototype accessor methods which can be exploited with Object.assign to pollute the prototype chain:
- __lookupGetter__
- __lookupSetter__
- __defineGetter__
- __defineSetter__
Impact
These vulnerabilities allow attackers to: - Execute arbitrary JavaScript code in the context of the application - Steal sensitive information including cookies and tokens - Modify application behavior through prototype pollution - Potentially perform actions on behalf of users
Proof of Concept
Loading the following template in pdfme triggers alert(location):
{
"schemas": [[{
"name": "field1",
"type": "text",
"content": "{ ((f, g) => f(g(Object), 'constructor').value)(Object.getOwnPropertyDescriptor, Object.getPrototypeOf)('alert(location)')() }",
"position": { "x": 0, "y": 0 },
"width": 100,
"height": 100
}]],
"basePdf": { "width": 100, "height": 100 },
"pdfmeVersion": "5.4.0"
}
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "@pdfme/common"
},
"ranges": [
{
"events": [
{
"introduced": "5.2.0"
},
{
"fixed": "5.4.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-53626"
],
"database_specific": {
"cwe_ids": [
"CWE-1321",
"CWE-79"
],
"github_reviewed": true,
"github_reviewed_at": "2025-07-10T17:43:52Z",
"nvd_published_at": "2025-07-10T19:15:27Z",
"severity": "MODERATE"
},
"details": "## Summary\nThe expression evaluation feature in pdfme 5.2.0 to 5.4.0 contains critical vulnerabilities allowing sandbox escape leading to XSS and prototype pollution attacks.\n\n## Details\n\n### 1. Sandbox Escape Leading to XSS\n\nThe expression evaluator\u0027s sandbox can be bypassed to execute arbitrary JavaScript code. Attackers can obtain the Function constructor through indirect methods:\n\n```javascript\n// Attack vector 1: Using Object.getOwnPropertyDescriptor\n{ ((f, g) =\u003e f(g(Object), \"constructor\").value)(Object.getOwnPropertyDescriptor, Object.getPrototypeOf)(\"alert(location)\")() }\n\n// Attack vector 2: Using object property access\n{ { f: Object.getOwnPropertyDescriptor }.f({ g: Object.getPrototypeOf }.g(Object), \"constructor\").value(\"alert(location)\")() }\n```\n\nBoth payloads bypass the sandbox restrictions and execute `Function(\"alert(location)\")()`.\n\n### 2. Prototype Pollution\n\nThe expression evaluator allows access to prototype accessor methods which can be exploited with Object.assign to pollute the prototype chain:\n- `__lookupGetter__`\n- `__lookupSetter__`\n- `__defineGetter__`\n- `__defineSetter__`\n\n## Impact\n\nThese vulnerabilities allow attackers to:\n- Execute arbitrary JavaScript code in the context of the application\n- Steal sensitive information including cookies and tokens\n- Modify application behavior through prototype pollution\n- Potentially perform actions on behalf of users\n\n## Proof of Concept\n\nLoading the following template in pdfme triggers `alert(location)`:\n\n```json\n{\n \"schemas\": [[{\n \"name\": \"field1\",\n \"type\": \"text\",\n \"content\": \"{ ((f, g) =\u003e f(g(Object), \u0027constructor\u0027).value)(Object.getOwnPropertyDescriptor, Object.getPrototypeOf)(\u0027alert(location)\u0027)() }\",\n \"position\": { \"x\": 0, \"y\": 0 },\n \"width\": 100,\n \"height\": 100\n }]],\n \"basePdf\": { \"width\": 100, \"height\": 100 },\n \"pdfmeVersion\": \"5.4.0\"\n}\n```",
"id": "GHSA-54xv-94qv-2gfg",
"modified": "2025-07-10T23:23:06Z",
"published": "2025-07-10T17:43:52Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/pdfme/pdfme/security/advisories/GHSA-54xv-94qv-2gfg"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53626"
},
{
"type": "WEB",
"url": "https://github.com/pdfme/pdfme/pull/1117"
},
{
"type": "WEB",
"url": "https://github.com/pdfme/pdfme/commit/0dd54739acff2c249ed68c001a896bee38f0fd85"
},
{
"type": "PACKAGE",
"url": "https://github.com/pdfme/pdfme"
},
{
"type": "WEB",
"url": "https://github.com/pdfme/pdfme/releases/tag/5.4.1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "@pdfme/common vulnerable to to XSS and Prototype Pollution through its expression evaluation"
}
GHSA-587P-W43Q-4HJX
Vulnerability from github – Published: 2026-05-07 18:30 – Updated: 2026-05-12 16:19NPM package query-parser-string 1.0.0 is vulnerable to Prototype Pollution. The package does not properly sanitize user supplied query parameters and merges them to the newly created object.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "query-string-parser"
},
"versions": [
"1.0.0"
]
}
],
"aliases": [
"CVE-2025-63704"
],
"database_specific": {
"cwe_ids": [
"CWE-1321"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-12T16:19:25Z",
"nvd_published_at": "2026-05-07T16:16:17Z",
"severity": "CRITICAL"
},
"details": "NPM package query-parser-string 1.0.0 is vulnerable to Prototype Pollution. The package does not properly sanitize user supplied query parameters and merges them to the newly created object.",
"id": "GHSA-587p-w43q-4hjx",
"modified": "2026-05-12T16:19:25Z",
"published": "2026-05-07T18:30:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-63704"
},
{
"type": "WEB",
"url": "https://github.com/victorteokw/query-string-parser/issues/3"
},
{
"type": "WEB",
"url": "https://gist.github.com/6en6ar/d62f614dbb2b1032b5e45a56fe26ec8b"
},
{
"type": "PACKAGE",
"url": "https://github.com/victorteokw/query-string-parser"
},
{
"type": "WEB",
"url": "https://www.npmjs.com/package/query-string-parser?activeTab=readme"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "query-parser-string is vulnerable to Prototype Pollution"
}
GHSA-5888-FFCR-R425
Vulnerability from github – Published: 2022-02-09 22:20 – Updated: 2023-10-23 19:20Impact
This is critical vulnerability, as it allows to run arbitrary code on any server using superjson input, including a Blitz.js server, without prior authentication or knowledge. Attackers gain full control over the server so they could steal and manipulate data or attack further systems. The only requirement is that the server implements at least one endpoint which uses superjson during request processing. In the case of Blitz.js, it would be at least one RPC call.
Patches
This has been patched in superjson 1.8.1 and Blitz.js 0.45.3.
If you are unable to upgrade to Blitz.js 0.45.3 in a timely manner, you can instead upgrade only superjson to version 1.8.1 using yarn resolutions are similar. Blitz versions < 0.45.3 are only affected because they used superjson versions < 1.8.1.
Workarounds
None
For more information
If you have any questions or comments about this advisory: * Open an issue in https://github.com/blitz-js/superjson * Email us at b@bayer.ws
References
- https://www.sonarsource.com/blog/blitzjs-prototype-pollution/
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "superjson"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.8.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "blitz"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.45.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-23631"
],
"database_specific": {
"cwe_ids": [
"CWE-1321",
"CWE-94"
],
"github_reviewed": true,
"github_reviewed_at": "2022-02-09T22:20:49Z",
"nvd_published_at": "2022-02-09T22:15:00Z",
"severity": "CRITICAL"
},
"details": "### Impact\n\nThis is critical vulnerability, as it allows to run arbitrary code on any server using superjson input, including a Blitz.js server, without prior authentication or knowledge. Attackers gain full control over the server so they could steal and manipulate data or attack further systems. The only requirement is that the server implements at least one endpoint which uses superjson during request processing. In the case of Blitz.js, it would be at least one RPC call. \n\n### Patches\nThis has been patched in superjson 1.8.1 and Blitz.js 0.45.3. \n\nIf you are unable to upgrade to Blitz.js 0.45.3 in a timely manner, you can instead upgrade only superjson to version 1.8.1 using yarn resolutions are similar. Blitz versions \u003c 0.45.3 are only affected because they used superjson versions \u003c 1.8.1.\n\n### Workarounds\nNone\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in https://github.com/blitz-js/superjson\n* Email us at b@bayer.ws\n\n### References\n* https://www.sonarsource.com/blog/blitzjs-prototype-pollution/",
"id": "GHSA-5888-ffcr-r425",
"modified": "2023-10-23T19:20:21Z",
"published": "2022-02-09T22:20:49Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/blitz-js/superjson/security/advisories/GHSA-5888-ffcr-r425"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23631"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-5888-ffcr-r425"
},
{
"type": "PACKAGE",
"url": "https://github.com/blitz-js/superjson"
},
{
"type": "WEB",
"url": "https://www.sonarsource.com/blog/blitzjs-prototype-pollution"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Prototype Pollution leading to Remote Code Execution in superjson"
}
GHSA-58G2-9FQR-36Q2
Vulnerability from github – Published: 2021-09-02 22:01 – Updated: 2021-09-10 17:08This affects all versions of package Proto. It is possible to inject pollute the object property of an application using Proto by leveraging the merge function.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "Proto"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.1.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-23426"
],
"database_specific": {
"cwe_ids": [
"CWE-1321"
],
"github_reviewed": true,
"github_reviewed_at": "2021-09-02T17:04:55Z",
"nvd_published_at": "2021-09-01T15:15:00Z",
"severity": "HIGH"
},
"details": "This affects all versions of package Proto. It is possible to inject pollute the object property of an application using Proto by leveraging the merge function.",
"id": "GHSA-58g2-9fqr-36q2",
"modified": "2021-09-10T17:08:40Z",
"published": "2021-09-02T22:01:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23426"
},
{
"type": "PACKAGE",
"url": "https://github.com/adriancmiranda/Proto"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/SNYK-JS-PROTO-1316301"
},
{
"type": "WEB",
"url": "https://www.npmjs.com/package/Proto"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Prototype Pollution in Proto"
}
GHSA-5947-M4FG-XHQG
Vulnerability from github – Published: 2020-09-03 18:08 – Updated: 2020-08-31 18:46Versions of lodash.mergewith before 4.6.1 are vulnerable to Prototype Pollution. The function 'mergeWith' may allow a malicious user to modify the prototype of Object via __proto__ causing the addition or modification of an existing property that will exist on all objects.
Recommendation
Update to version 4.6.1 or later.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "lodash.mergewith"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.6.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-1321"
],
"github_reviewed": true,
"github_reviewed_at": "2020-08-31T18:46:11Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "Versions of `lodash.mergewith` before 4.6.1 are vulnerable to Prototype Pollution. The function \u0027mergeWith\u0027 may allow a malicious user to modify the prototype of `Object` via `__proto__` causing the addition or modification of an existing property that will exist on all objects.\n\n\n\n\n## Recommendation\n\nUpdate to version 4.6.1 or later.",
"id": "GHSA-5947-m4fg-xhqg",
"modified": "2020-08-31T18:46:11Z",
"published": "2020-09-03T18:08:10Z",
"references": [
{
"type": "WEB",
"url": "https://www.npmjs.com/advisories/1069"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Prototype Pollution in lodash.mergewith"
}
GHSA-5F97-H2C2-826Q
Vulnerability from github – Published: 2024-05-20 18:31 – Updated: 2024-05-20 21:03A Prototype Pollution issue in API Dev Tools json-schema-ref-parser v.11.0.0 and v.11.1.0 allows a remote attacker to execute arbitrary code via the bundle(), parse(), resolve(), dereference() functions.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 11.1.0"
},
"package": {
"ecosystem": "npm",
"name": "@apidevtools/json-schema-ref-parser"
},
"ranges": [
{
"events": [
{
"introduced": "11.0.0"
},
{
"fixed": "11.2.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-29651"
],
"database_specific": {
"cwe_ids": [
"CWE-1321"
],
"github_reviewed": true,
"github_reviewed_at": "2024-05-20T21:03:12Z",
"nvd_published_at": "2024-05-20T18:15:10Z",
"severity": "HIGH"
},
"details": "A Prototype Pollution issue in API Dev Tools json-schema-ref-parser v.11.0.0 and v.11.1.0 allows a remote attacker to execute arbitrary code via the `bundle()`, `parse()`, `resolve()`, `dereference()` functions.",
"id": "GHSA-5f97-h2c2-826q",
"modified": "2024-05-20T21:03:12Z",
"published": "2024-05-20T18:31:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29651"
},
{
"type": "WEB",
"url": "https://github.com/APIDevTools/json-schema-ref-parser/commit/8cad7f72c15b198f4d0b5b1c8a3a979b2e4baa82"
},
{
"type": "WEB",
"url": "https://gist.github.com/tariqhawis/5db76b38112bba756615b688c32409ad"
},
{
"type": "PACKAGE",
"url": "https://github.com/APIDevTools/json-schema-ref-parser"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "json-schema-ref-parser Prototype Pollution issue"
}
GHSA-5FGG-JCPF-8JJW
Vulnerability from github – Published: 2026-04-22 17:40 – Updated: 2026-05-13 13:29Summary
Versions of i18next-http-middleware prior to 3.9.3 pass user-controlled lng and ns parameters to two internal paths that use them in ways that enable prototype pollution and, depending on the configured backend, path traversal or SSRF.
The vulnerable entry points are unauthenticated HTTP handlers that are part of the middleware's public API:
getResourcesHandler— readslng/nsfrom query parameters or route params and passes them unvalidated to:utils.setPath(resources, [lng, ns], ...)— thesetPathhelper did not guard against__proto__,constructor, orprototypekeys, writing intoObject.prototypewhen those values were supplied.i18next.services.backendConnector.load(languages, namespaces, ...)— depending on the configured backend, unvalidated path segments enabled filesystem path traversal (e.g. withi18next-fs-backend) or SSRF (e.g. withi18next-http-backend).- A
namespaces.forEach(ns => i18next.options.ns.push(ns))loop additionally performed permanent, unbounded growth of the shared singleton namespace list. missingKeyHandler— iterated the incoming request body withfor...in, which traverses inherited prototype-chain properties. A POST body like{"__proto__": {"isAdmin": true}}was forwarded intosaveMissing.
Impact
- Prototype pollution — a single unauthenticated request of the form
GET /locales/resources.json?lng=__proto__&ns=isAdminwrites intoObject.prototype, affecting every plain object created subsequently in the Node.js process. This can break authorization checks (if (user.isAdmin)), cause denial of service via type confusion, or be chained into RCE depending on what downstream code reads from polluted objects. - Path traversal / SSRF — with filesystem or HTTP backends that interpolate
lng/nsinto paths or URLs, attacker-controlled values likens=../../etc/passwdorlng=internal-servicecould reach resources outside the intended scope. - Denial of service — the unbounded
i18next.options.nsgrowth, plus repeated backend load calls, enabled memory and CPU exhaustion from unique namespace payloads.
Affected versions
< 3.9.3.
Patch
Fixed in 3.9.3. The patch:
- Blocks
__proto__,constructor, andprototypekeys inutils.setPath. - Replaces the
for...inbody iteration inmissingKeyHandlerwithObject.keys()plus an explicit dangerous-keys guard. - Introduces a
utils.isSafeIdentifierhelper (denylist approach — still permits any legitimate i18next language code shape) that filterslng/nsvalues for path-traversal, path separators, control characters, prototype keys, and over-long inputs before they reach the backend connector and before they are pushed intoi18next.options.ns.
Workarounds
No workaround short of upgrading. Front-proxying the middleware with a WAF rule that rejects requests containing __proto__, constructor, prototype, .., or control characters in lng/ns query parameters or body keys is a partial mitigation.
Credits
Discovered via an internal security audit of the i18next ecosystem.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "i18next-http-middleware"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.9.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-41690"
],
"database_specific": {
"cwe_ids": [
"CWE-1321",
"CWE-22"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-22T17:40:47Z",
"nvd_published_at": "2026-05-08T16:16:11Z",
"severity": "HIGH"
},
"details": "### Summary\n\nVersions of `i18next-http-middleware` prior to 3.9.3 pass user-controlled `lng` and `ns` parameters to two internal paths that use them in ways that enable prototype pollution and, depending on the configured backend, path traversal or SSRF.\n\nThe vulnerable entry points are unauthenticated HTTP handlers that are part of the middleware\u0027s public API:\n\n- `getResourcesHandler` \u2014 reads `lng`/`ns` from query parameters or route params and passes them unvalidated to:\n - `utils.setPath(resources, [lng, ns], ...)` \u2014 the `setPath` helper did not guard against `__proto__`, `constructor`, or `prototype` keys, writing into `Object.prototype` when those values were supplied.\n - `i18next.services.backendConnector.load(languages, namespaces, ...)` \u2014 depending on the configured backend, unvalidated path segments enabled filesystem path traversal (e.g. with `i18next-fs-backend`) or SSRF (e.g. with `i18next-http-backend`).\n - A `namespaces.forEach(ns =\u003e i18next.options.ns.push(ns))` loop additionally performed permanent, unbounded growth of the shared singleton namespace list.\n- `missingKeyHandler` \u2014 iterated the incoming request body with `for...in`, which traverses inherited prototype-chain properties. A POST body like `{\"__proto__\": {\"isAdmin\": true}}` was forwarded into `saveMissing`.\n\n### Impact\n\n- **Prototype pollution** \u2014 a single unauthenticated request of the form `GET /locales/resources.json?lng=__proto__\u0026ns=isAdmin` writes into `Object.prototype`, affecting every plain object created subsequently in the Node.js process. This can break authorization checks (`if (user.isAdmin)`), cause denial of service via type confusion, or be chained into RCE depending on what downstream code reads from polluted objects.\n- **Path traversal / SSRF** \u2014 with filesystem or HTTP backends that interpolate `lng`/`ns` into paths or URLs, attacker-controlled values like `ns=../../etc/passwd` or `lng=internal-service` could reach resources outside the intended scope.\n- **Denial of service** \u2014 the unbounded `i18next.options.ns` growth, plus repeated backend load calls, enabled memory and CPU exhaustion from unique namespace payloads.\n\n### Affected versions\n\n`\u003c 3.9.3`.\n\n### Patch\n\nFixed in **3.9.3**. The patch:\n\n1. Blocks `__proto__`, `constructor`, and `prototype` keys in `utils.setPath`.\n2. Replaces the `for...in` body iteration in `missingKeyHandler` with `Object.keys()` plus an explicit dangerous-keys guard.\n3. Introduces a `utils.isSafeIdentifier` helper (denylist approach \u2014 still permits any legitimate i18next language code shape) that filters `lng`/`ns` values for path-traversal, path separators, control characters, prototype keys, and over-long inputs before they reach the backend connector and before they are pushed into `i18next.options.ns`.\n\n### Workarounds\n\nNo workaround short of upgrading. Front-proxying the middleware with a WAF rule that rejects requests containing `__proto__`, `constructor`, `prototype`, `..`, or control characters in `lng`/`ns` query parameters or body keys is a partial mitigation.\n\n### Credits\n\nDiscovered via an internal security audit of the i18next ecosystem.",
"id": "GHSA-5fgg-jcpf-8jjw",
"modified": "2026-05-13T13:29:51Z",
"published": "2026-04-22T17:40:47Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/i18next/i18next-http-middleware/security/advisories/GHSA-5fgg-jcpf-8jjw"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41690"
},
{
"type": "PACKAGE",
"url": "https://github.com/i18next/i18next-http-middleware"
},
{
"type": "WEB",
"url": "https://www.i18next.com/how-to/faq#how-should-the-language-codes-be-formatted"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
"type": "CVSS_V3"
}
],
"summary": "i18next-http-middleware: Prototype pollution and path traversal via user-controlled language and namespace parameters"
}
GHSA-5J86-7R7M-P8H6
Vulnerability from github – Published: 2026-03-10 00:57 – Updated: 2026-03-10 18:44Impact
An unauthenticated attacker can crash the Parse Server process by calling a Cloud Function endpoint with a prototype property name as the function name. The server recurses infinitely, causing a call stack size error that terminates the process.
Other prototype property names bypass Cloud Function dispatch validation and return HTTP 200 responses, even though no such Cloud Functions are defined. The same applies to dot-notation traversal.
All Parse Server deployments that expose the Cloud Function endpoint are affected.
Patches
The internal handler registries for Cloud Functions, Jobs, Triggers, and Validators have been changed to prevent prototype chain properties from being resolved.
Workarounds
Place a reverse proxy or WAF in front of Parse Server and block requests to Object.prototype property names.
References
- GitHub security advisory: https://github.com/parse-community/parse-server/security/advisories/GHSA-5j86-7r7m-p8h6
- Fix Parse Server 9: https://github.com/parse-community/parse-server/releases/tag/9.5.1-alpha.2
- Fix Parse Server 8: https://github.com/parse-community/parse-server/releases/tag/8.6.13
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "parse-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.6.13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "parse-server"
},
"ranges": [
{
"events": [
{
"introduced": "9.0.0-alpha.1"
},
{
"fixed": "9.5.1-alpha.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-30939"
],
"database_specific": {
"cwe_ids": [
"CWE-1321"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-10T00:57:57Z",
"nvd_published_at": "2026-03-10T18:18:53Z",
"severity": "HIGH"
},
"details": "### Impact\n\nAn unauthenticated attacker can crash the Parse Server process by calling a Cloud Function endpoint with a prototype property name as the function name. The server recurses infinitely, causing a call stack size error that terminates the process.\n\nOther prototype property names bypass Cloud Function dispatch validation and return HTTP 200 responses, even though no such Cloud Functions are defined. The same applies to dot-notation traversal.\n\nAll Parse Server deployments that expose the Cloud Function endpoint are affected.\n\n### Patches\n\nThe internal handler registries for Cloud Functions, Jobs, Triggers, and Validators have been changed to prevent prototype chain properties from being resolved.\n\n### Workarounds\n\nPlace a reverse proxy or WAF in front of Parse Server and block requests to `Object.prototype` property names.\n\n### References\n\n- GitHub security advisory: https://github.com/parse-community/parse-server/security/advisories/GHSA-5j86-7r7m-p8h6\n- Fix Parse Server 9: https://github.com/parse-community/parse-server/releases/tag/9.5.1-alpha.2\n- Fix Parse Server 8: https://github.com/parse-community/parse-server/releases/tag/8.6.13",
"id": "GHSA-5j86-7r7m-p8h6",
"modified": "2026-03-10T18:44:51Z",
"published": "2026-03-10T00:57:57Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-5j86-7r7m-p8h6"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30939"
},
{
"type": "PACKAGE",
"url": "https://github.com/parse-community/parse-server"
},
{
"type": "WEB",
"url": "https://github.com/parse-community/parse-server/releases/tag/8.6.13"
},
{
"type": "WEB",
"url": "https://github.com/parse-community/parse-server/releases/tag/9.5.1-alpha.2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Parse Server has Denial of Service (DoS) and Cloud Function Dispatch Bypass via Prototype Chain Resolution"
}
GHSA-5P42-M6F3-HPMJ
Vulnerability from github – Published: 2023-08-17 00:30 – Updated: 2023-08-24 22:28A Prototype Pollution issue in Cronvel Tree-kit v.0.7.4 and before allows a remote attacker to execute arbitrary code via the extend function.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "tree-kit"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.7.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-38894"
],
"database_specific": {
"cwe_ids": [
"CWE-1321"
],
"github_reviewed": true,
"github_reviewed_at": "2023-08-17T19:06:27Z",
"nvd_published_at": "2023-08-16T22:15:13Z",
"severity": "CRITICAL"
},
"details": "A Prototype Pollution issue in Cronvel Tree-kit v.0.7.4 and before allows a remote attacker to execute arbitrary code via the extend function.",
"id": "GHSA-5p42-m6f3-hpmj",
"modified": "2023-08-24T22:28:41Z",
"published": "2023-08-17T00:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38894"
},
{
"type": "WEB",
"url": "https://github.com/cronvel/tree-kit/commit/61bf10cf0dbddaeea3f198cfe7cb469f360d82bc"
},
{
"type": "PACKAGE",
"url": "https://github.com/cronvel/tree-kit"
},
{
"type": "WEB",
"url": "https://www.code-intelligence.com/blog/treekit-prototype-pollution-cve-2023-38894"
},
{
"type": "WEB",
"url": "http://tree-kit.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "tree-kit Prototype Pollution vulnerability"
}
Mitigation
By freezing the object prototype first (for example, Object.freeze(Object.prototype)), modification of the prototype becomes impossible.
Mitigation
By blocking modifications of attributes that resolve to object prototype, such as proto or prototype, this weakness can be mitigated.
Mitigation
Strategy: Input Validation
When handling untrusted objects, validating using a schema can be used.
Mitigation
By using an object without prototypes (via Object.create(null) ), adding object prototype attributes by accessing the prototype via the special attributes becomes impossible, mitigating this weakness.
Mitigation
Map can be used instead of objects in most cases. If Map methods are used instead of object attributes, it is not possible to access the object prototype or modify it.
CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs
In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application's functionality; particularly URL's for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to.
CAPEC-180: Exploiting Incorrectly Configured Access Control Security Levels
An attacker exploits a weakness in the configuration of access controls and is able to bypass the intended protection that these measures guard against and thereby obtain unauthorized access to the system or network. Sensitive functionality should always be protected with access controls. However configuring all but the most trivial access control systems can be very complicated and there are many opportunities for mistakes. If an attacker can learn of incorrectly configured access security settings, they may be able to exploit this in an attack.
CAPEC-77: Manipulating User-Controlled Variables
This attack targets user controlled variables (DEBUG=1, PHP Globals, and So Forth). An adversary can override variables leveraging user-supplied, untrusted query variables directly used on the application server without any data sanitization. In extreme cases, the adversary can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.