Common Weakness Enumeration

CWE-1321

Allowed

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Abstraction: Variant · Status: Incomplete

The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.

781 vulnerabilities reference this CWE, most recent first.

GHSA-992F-WF4W-X36V

Vulnerability from github – Published: 2020-09-01 21:16 – Updated: 2020-08-31 18:33
VLAI
Summary
Prototype Pollution in merge-objects
Details

All versions of merge-objects are vulnerable to Prototype Pollution.

Recommendation

No fix is available for this vulnerability at this time. It is our recommendation to use an alternative package.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "merge-objects"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-08-31T18:33:09Z",
    "nvd_published_at": null,
    "severity": "LOW"
  },
  "details": "All versions of `merge-objects` are vulnerable to Prototype Pollution.\n\n\n## Recommendation\n\nNo fix is available for this vulnerability at this time. It is our recommendation to use an alternative package.",
  "id": "GHSA-992f-wf4w-x36v",
  "modified": "2020-08-31T18:33:09Z",
  "published": "2020-09-01T21:16:13Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/310706"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/advisories/716"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Prototype Pollution in merge-objects"
}

GHSA-9C47-M6QQ-7P4H

Vulnerability from github – Published: 2022-12-29 01:51 – Updated: 2024-02-13 21:31
VLAI
Summary
Prototype Pollution in JSON5 via Parse Method
Details

The parse method of the JSON5 library before and including version 2.2.1 does not restrict parsing of keys named __proto__, allowing specially crafted strings to pollute the prototype of the resulting object.

This vulnerability pollutes the prototype of the object returned by JSON5.parse and not the global Object prototype, which is the commonly understood definition of Prototype Pollution. However, polluting the prototype of a single object can have significant security impact for an application if the object is later used in trusted operations.

Impact

This vulnerability could allow an attacker to set arbitrary and unexpected keys on the object returned from JSON5.parse. The actual impact will depend on how applications utilize the returned object and how they filter unwanted keys, but could include denial of service, cross-site scripting, elevation of privilege, and in extreme cases, remote code execution.

Mitigation

This vulnerability is patched in json5 v2.2.2 and later. A patch has also been backported for json5 v1 in versions v1.0.2 and later.

Details

Suppose a developer wants to allow users and admins to perform some risky operation, but they want to restrict what non-admins can do. To accomplish this, they accept a JSON blob from the user, parse it using JSON5.parse, confirm that the provided data does not set some sensitive keys, and then performs the risky operation using the validated data:

const JSON5 = require('json5');

const doSomethingDangerous = (props) => {
  if (props.isAdmin) {
    console.log('Doing dangerous thing as admin.');
  } else {
    console.log('Doing dangerous thing as user.');
  }
};

const secCheckKeysSet = (obj, searchKeys) => {
  let searchKeyFound = false;
  Object.keys(obj).forEach((key) => {
    if (searchKeys.indexOf(key) > -1) {
      searchKeyFound = true;
    }
  });
  return searchKeyFound;
};

const props = JSON5.parse('{"foo": "bar"}');
if (!secCheckKeysSet(props, ['isAdmin', 'isMod'])) {
  doSomethingDangerous(props); // "Doing dangerous thing as user."
} else {
  throw new Error('Forbidden...');
}

If the user attempts to set the isAdmin key, their request will be rejected:

const props = JSON5.parse('{"foo": "bar", "isAdmin": true}');
if (!secCheckKeysSet(props, ['isAdmin', 'isMod'])) {
  doSomethingDangerous(props);
} else {
  throw new Error('Forbidden...'); // Error: Forbidden...
}

However, users can instead set the __proto__ key to {"isAdmin": true}. JSON5 will parse this key and will set the isAdmin key on the prototype of the returned object, allowing the user to bypass the security check and run their request as an admin:

js const props = JSON5.parse('{"foo": "bar", "__proto__": {"isAdmin": true}}'); if (!secCheckKeysSet(props, ['isAdmin', 'isMod'])) { doSomethingDangerous(props); // "Doing dangerous thing as admin." } else { throw new Error('Forbidden...'); }

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "json5"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.2.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "json5"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.0.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-46175"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-12-29T01:51:03Z",
    "nvd_published_at": "2022-12-24T04:15:00Z",
    "severity": "HIGH"
  },
  "details": "The `parse` method of the JSON5 library before and including version `2.2.1` does not restrict parsing of keys named `__proto__`, allowing specially crafted strings to pollute the prototype of the resulting object.\n\nThis vulnerability pollutes the prototype of the object returned by `JSON5.parse` and not the global Object prototype, which is the commonly understood definition of Prototype Pollution. However, polluting the prototype of a single object can have significant security impact for an application if the object is later used in trusted operations.\n\n## Impact\nThis vulnerability could allow an attacker to set arbitrary and unexpected keys on the object returned from `JSON5.parse`. The actual impact will depend on how applications utilize the returned object and how they filter unwanted keys, but could include denial of service, cross-site scripting, elevation of privilege, and in extreme cases, remote code execution.\n\n## Mitigation\nThis vulnerability is patched in json5 v2.2.2 and later. A patch has also been backported for json5 v1 in versions v1.0.2 and later.\n\n## Details\n \nSuppose a developer wants to allow users and admins to perform some risky operation, but they want to restrict what non-admins can do. To accomplish this, they accept a JSON blob from the user, parse it using `JSON5.parse`, confirm that the provided data does not set some sensitive keys, and then performs the risky operation using the validated data:\n \n```js\nconst JSON5 = require(\u0027json5\u0027);\n\nconst doSomethingDangerous = (props) =\u003e {\n  if (props.isAdmin) {\n    console.log(\u0027Doing dangerous thing as admin.\u0027);\n  } else {\n    console.log(\u0027Doing dangerous thing as user.\u0027);\n  }\n};\n\nconst secCheckKeysSet = (obj, searchKeys) =\u003e {\n  let searchKeyFound = false;\n  Object.keys(obj).forEach((key) =\u003e {\n    if (searchKeys.indexOf(key) \u003e -1) {\n      searchKeyFound = true;\n    }\n  });\n  return searchKeyFound;\n};\n\nconst props = JSON5.parse(\u0027{\"foo\": \"bar\"}\u0027);\nif (!secCheckKeysSet(props, [\u0027isAdmin\u0027, \u0027isMod\u0027])) {\n  doSomethingDangerous(props); // \"Doing dangerous thing as user.\"\n} else {\n  throw new Error(\u0027Forbidden...\u0027);\n}\n```\n \nIf the user attempts to set the `isAdmin` key, their request will be rejected:\n \n```js\nconst props = JSON5.parse(\u0027{\"foo\": \"bar\", \"isAdmin\": true}\u0027);\nif (!secCheckKeysSet(props, [\u0027isAdmin\u0027, \u0027isMod\u0027])) {\n  doSomethingDangerous(props);\n} else {\n  throw new Error(\u0027Forbidden...\u0027); // Error: Forbidden...\n}\n```\n \nHowever, users can instead set the `__proto__` key to `{\"isAdmin\": true}`. `JSON5` will parse this key and will set the `isAdmin` key on the prototype of the returned object, allowing the user to bypass the security check and run their request as an admin:\n \n```js\nconst props = JSON5.parse(\u0027{\"foo\": \"bar\", \"__proto__\": {\"isAdmin\": true}}\u0027);\nif (!secCheckKeysSet(props, [\u0027isAdmin\u0027, \u0027isMod\u0027])) {\n  doSomethingDangerous(props); // \"Doing dangerous thing as admin.\"\n} else {\n  throw new Error(\u0027Forbidden...\u0027);\n}\n ```",
  "id": "GHSA-9c47-m6qq-7p4h",
  "modified": "2024-02-13T21:31:39Z",
  "published": "2022-12-29T01:51:03Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46175"
    },
    {
      "type": "WEB",
      "url": "https://github.com/json5/json5/issues/199"
    },
    {
      "type": "WEB",
      "url": "https://github.com/json5/json5/issues/295"
    },
    {
      "type": "WEB",
      "url": "https://github.com/json5/json5/pull/298"
    },
    {
      "type": "WEB",
      "url": "https://github.com/json5/json5/commit/62a65408408d40aeea14c7869ed327acead12972"
    },
    {
      "type": "WEB",
      "url": "https://github.com/json5/json5/commit/7774c1097993bc3ce9f0ac4b722a32bf7d6871c8"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/json5/json5"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00021.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3S26TLPLVFAJTUN3VIXFDEBEXDYO22CE"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Prototype Pollution in JSON5 via Parse Method"
}

GHSA-9CCR-FPP6-78QF

Vulnerability from github – Published: 2026-03-17 18:37 – Updated: 2026-03-19 21:13
VLAI
Summary
Parse Server vulnerable to schema poisoning via prototype pollution in deep copy
Details

Impact

An attacker can bypass the default request keyword denylist protection and the class-level permission for adding fields by sending a crafted request that exploits prototype pollution in the deep copy mechanism. This allows injecting fields into class schemas that have field addition locked down, and can cause permanent schema type conflicts that cannot be resolved even with the master key.

Patches

The vulnerable third-party deep copy library has been replaced with a built-in deep clone mechanism that handles prototype properties safely, allowing the existing denylist check to correctly detect and reject the prohibited keyword.

Workarounds

None.

Vulnerability Independence

This vulnerability is not caused by or dependent on a vulnerability in a third-party dependency.

The third-party deepcopy library that was replaced in the fix has no known CVE or security advisory regarding this. The library functions as designed. It is not vulnerable.

The vulnerability is in parse-server's own request processing logic. Parse-server's security-critical keyword denylist check runs after the deep copy step in the request pipeline. The deep copy step strips __proto__ properties as a normal part of its cloning behavior, which means the denylist check never sees the prohibited key. This allows an attacker to bypass both the denylist protection and class-level permissions for adding fields, resulting in schema poisoning.

The root cause is parse-server's reliance on a cloning mechanism that alters the shape of the data before the security check can inspect it. This is a logic flaw in parse-server's security pipeline, not a vulnerability in a dependency. Replacing the cloning mechanism was the fix for parse-server's own bug.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "parse-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.0.0"
            },
            {
              "fixed": "9.6.0-alpha.20"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "parse-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.6.44"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-32878"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-17T18:37:08Z",
    "nvd_published_at": "2026-03-18T22:16:25Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nAn attacker can bypass the default request keyword denylist protection and the class-level permission for adding fields by sending a crafted request that exploits prototype pollution in the deep copy mechanism. This allows injecting fields into class schemas that have field addition locked down, and can cause permanent schema type conflicts that cannot be resolved even with the master key.\n\n### Patches\n\nThe vulnerable third-party deep copy library has been replaced with a built-in deep clone mechanism that handles prototype properties safely, allowing the existing denylist check to correctly detect and reject the prohibited keyword.\n\n### Workarounds\n\nNone.\n\n### Vulnerability Independence\n\nThis vulnerability is not caused by or dependent on a vulnerability in a third-party dependency.\n\nThe third-party `deepcopy` library that was replaced in the fix has no known CVE or security advisory regarding this. The library functions as designed. It is not vulnerable.\n\nThe vulnerability is in parse-server\u0027s own request processing logic. Parse-server\u0027s security-critical keyword denylist check runs after the deep copy step in the request pipeline. The deep copy step strips `__proto__` properties as a normal part of its cloning behavior, which means the denylist check never sees the prohibited key. This allows an attacker to bypass both the denylist protection and class-level permissions for adding fields, resulting in schema poisoning.\n\nThe root cause is parse-server\u0027s reliance on a cloning mechanism that alters the shape of the data before the security check can inspect it. This is a logic flaw in parse-server\u0027s security pipeline, not a vulnerability in a dependency. Replacing the cloning mechanism was the fix for parse-server\u0027s own bug.",
  "id": "GHSA-9ccr-fpp6-78qf",
  "modified": "2026-03-19T21:13:38Z",
  "published": "2026-03-17T18:37:08Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-9ccr-fpp6-78qf"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32878"
    },
    {
      "type": "WEB",
      "url": "https://github.com/parse-community/parse-server/pull/10200"
    },
    {
      "type": "WEB",
      "url": "https://github.com/parse-community/parse-server/pull/10201"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/parse-community/parse-server"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Parse Server vulnerable to schema poisoning via prototype pollution in deep copy"
}

GHSA-9F2H-7V79-MXW3

Vulnerability from github – Published: 2025-10-14 22:24 – Updated: 2025-10-14 22:24
VLAI
Summary
Parse Javascript SDK vulnerable to prototype pollution in `Parse.Object` and internal APIs
Details

Summary

Prototype pollution capabilities on various APIs.

Details

Injection of malicious payload allows attacker to remotely execute arbitrary code. Parse.Object and internal APIs are affected, specifically: - ParseObject.fromJSON - ParseObject.pin - ParseObject.registerSubclass - ObjectStateMutations (internal) - encode/decode (internal)

PoC

Demonstrative tests added as part of the fix.

References

  • https://github.com/parse-community/Parse-SDK-JS/security/advisories/GHSA-9f2h-7v79-mxw3
  • Patch https://github.com/parse-community/Parse-SDK-JS/releases/tag/7.0.0-alpha.1
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "parse"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-62374"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-10-14T22:24:10Z",
    "nvd_published_at": "2025-10-14T20:15:53Z",
    "severity": "MODERATE"
  },
  "details": "### Summary\n\nPrototype pollution capabilities on various APIs.\n\n### Details\n\nInjection of malicious payload allows attacker to remotely execute arbitrary code. `Parse.Object` and internal APIs are affected, specifically:\n- `ParseObject.fromJSON`\n- `ParseObject.pin`\n- `ParseObject.registerSubclass`\n- `ObjectStateMutations` (internal)\n- `encode`/`decode` (internal)\n\n### PoC\n\nDemonstrative tests added as part of the fix.\n\n### References\n\n- https://github.com/parse-community/Parse-SDK-JS/security/advisories/GHSA-9f2h-7v79-mxw3\n- Patch https://github.com/parse-community/Parse-SDK-JS/releases/tag/7.0.0-alpha.1",
  "id": "GHSA-9f2h-7v79-mxw3",
  "modified": "2025-10-14T22:24:10Z",
  "published": "2025-10-14T22:24:10Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/parse-community/Parse-SDK-JS/security/advisories/GHSA-9f2h-7v79-mxw3"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62374"
    },
    {
      "type": "WEB",
      "url": "https://github.com/parse-community/Parse-SDK-JS/pull/2749"
    },
    {
      "type": "WEB",
      "url": "https://github.com/parse-community/Parse-SDK-JS/commit/00973987f361368659c0c4dbf669f3897520b132"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/parse-community/Parse-SDK-JS"
    },
    {
      "type": "WEB",
      "url": "https://github.com/parse-community/Parse-SDK-JS/releases/tag/7.0.0-alpha.1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Parse Javascript SDK vulnerable to prototype pollution in `Parse.Object` and internal APIs"
}

GHSA-9FP7-4FJM-Q3MF

Vulnerability from github – Published: 2022-02-01 00:51 – Updated: 2022-01-31 19:46
VLAI
Summary
Prototype Pollution in keyget
Details

The package keyget from 0.0.0 are vulnerable to Prototype Pollution via the methods set, push, and at which could allow an attacker to cause a denial of service and may lead to remote code execution. Note: This vulnerability derives from an incomplete fix to CVE-2020-28272

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "keyget"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "2.4.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-23760"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-01-31T19:46:10Z",
    "nvd_published_at": "2022-01-28T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The package keyget from 0.0.0 are vulnerable to Prototype Pollution via the methods set, push, and at which could allow an attacker to cause a denial of service and may lead to remote code execution. **Note:** This vulnerability derives from an incomplete fix to [CVE-2020-28272](https://security.snyk.io/vuln/SNYK-JS-KEYGET-1048048)",
  "id": "GHSA-9fp7-4fjm-q3mf",
  "modified": "2022-01-31T19:46:10Z",
  "published": "2022-02-01T00:51:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23760"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/rumkin/keyget"
    },
    {
      "type": "WEB",
      "url": "https://security.snyk.io/vuln/SNYK-JS-KEYGET-1048048"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-JS-KEYGET-2342624"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Prototype Pollution in keyget"
}

GHSA-9G8M-V378-PCG3

Vulnerability from github – Published: 2025-09-24 21:30 – Updated: 2025-11-27 08:57
VLAI
Summary
parse is vulnerable to prototype pollution
Details

parse is a package designed to parse JavaScript SDK. A Prototype Pollution vulnerability in the SingleInstanceStateController.initializeState function of parse allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "parse"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.0.0-alpha.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-57324"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-09-26T12:57:00Z",
    "nvd_published_at": "2025-09-24T21:15:32Z",
    "severity": "MODERATE"
  },
  "details": "parse is a package designed to parse JavaScript SDK. A Prototype Pollution vulnerability in the SingleInstanceStateController.initializeState function of parse allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence.",
  "id": "GHSA-9g8m-v378-pcg3",
  "modified": "2025-11-27T08:57:14Z",
  "published": "2025-09-24T21:30:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-57324"
    },
    {
      "type": "WEB",
      "url": "https://github.com/parse-community/Parse-SDK-JS/commit/9e7c1bad472b1ed2463cbac567b8ec752ae5b4c9"
    },
    {
      "type": "WEB",
      "url": "https://github.com/VulnSageAgent/PoCs/blob/main/JavaScript/prototype-pollution/parse%405.3.0/index.js"
    },
    {
      "type": "WEB",
      "url": "https://github.com/VulnSageAgent/PoCs/tree/main/JavaScript/prototype-pollution/CVE-2025-57324"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/parse-community/Parse-SDK-JS"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "parse is vulnerable to prototype pollution"
}

GHSA-9GXR-RHX6-4JGV

Vulnerability from github – Published: 2020-09-04 15:18 – Updated: 2020-08-31 18:55
VLAI
Summary
Sandbox Breakout / Prototype Pollution in notevil
Details

Versions of notevil prior to 1.3.3 are vulnerable to Sandbox Escape leading to Prototype pollution. The package fails to restrict access to the main context, allowing attacker to add or modify an object's prototype.

Evaluating the payload try{a[b];}catch(e){e.constructor.constructor('return __proto__.arguments.callee.__proto__.polluted=true')()} add the polluted property to Function.

Recommendation

Upgrade to version 1.3.3 or later.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "notevil"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.3.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-08-31T18:55:36Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "Versions of `notevil` prior to 1.3.3 are vulnerable to Sandbox Escape leading to Prototype pollution. The package fails to restrict access to the main context, allowing attacker to add or modify an object\u0027s prototype.\n\nEvaluating the payload ```try{a[b];}catch(e){e.constructor.constructor(\u0027return __proto__.arguments.callee.__proto__.polluted=true\u0027)()}``` add the `polluted` property to Function.\n\n\n## Recommendation\n\nUpgrade to version 1.3.3 or later.",
  "id": "GHSA-9gxr-rhx6-4jgv",
  "modified": "2020-08-31T18:55:36Z",
  "published": "2020-09-04T15:18:57Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/advisories/1338"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Sandbox Breakout / Prototype Pollution in notevil"
}

GHSA-9J5Q-479X-43G2

Vulnerability from github – Published: 2025-02-06 06:31 – Updated: 2025-08-05 14:27
VLAI
Summary
@stryker-mutator/util vulnerable to Prototype Pollution
Details

A prototype pollution in the function deepMerge of @stryker-mutator/util v8.6.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@stryker-mutator/util"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.7.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-57085"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321",
      "CWE-400"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-08-05T14:27:29Z",
    "nvd_published_at": "2025-02-05T22:15:32Z",
    "severity": "HIGH"
  },
  "details": "A prototype pollution in the function deepMerge of @stryker-mutator/util v8.6.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.",
  "id": "GHSA-9j5q-479x-43g2",
  "modified": "2025-08-05T14:27:29Z",
  "published": "2025-02-06T06:31:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57085"
    },
    {
      "type": "WEB",
      "url": "https://github.com/stryker-mutator/stryker-js/issues/5144"
    },
    {
      "type": "WEB",
      "url": "https://github.com/stryker-mutator/stryker-js/commit/f7b34bfbbde33e45bc213a2f6058bf0c5bf6bce7"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/tariqhawis/f59355f62dad6f8b53b42317f143ba0c"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/stryker-mutator/stryker-js"
    },
    {
      "type": "WEB",
      "url": "https://github.com/stryker-mutator/stryker-js/blob/7270f111ff36d6b18669302f5702fd42f664d53e/CHANGELOG.md#871-2024-12-11"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "@stryker-mutator/util vulnerable to Prototype Pollution"
}

GHSA-9M6G-WC8R-Q59C

Vulnerability from github – Published: 2026-06-22 22:57 – Updated: 2026-06-22 22:57
VLAI
Summary
scimPatch vulnerable to prototype pollution via unfiltered keys in patch
Details

Summary

scim-patch performs prototype pollution when applying a SCIM PATCH operation whose value object contains a key like "__proto__.someProp". After one such patch, Object.prototype.someProp is set process-wide, affecting every plain object in the Node process.

Any service that calls scimPatch() on attacker-controlled JSON (i.e. any SCIM endpoint accepting PATCH from an external IdP) is exploitable on a stock Node runtime.

Impact

  • Class: Prototype pollution (CWE-1321)
  • Affected versions: <= 0.9.0 (current HEAD 871b1e2)
  • Attack vector: Network — sent as part of a normal SCIM PATCH /Users/:id request body.
  • Privileges required: Whatever the SCIM endpoint requires. For most integrations that's a provisioned IdP, which is "low" in CVSS terms (any authenticated provisioning client).
  • Scope: Changed — the bug is in a SCIM library but the side effect (Object.prototype mutation) leaks into the entire Node process.

Downstream consequences depend on what other code reads from plain objects. Realistic outcomes observed in similar bugs: - Privilege escalation if any auth/middleware code checks actor.isAdmin / req.user.admin / similar boolean flags against a plain object that expects the key to be absent. - Logic bypass / DoS if any code branches on obj.name, obj.type, obj.id etc. against plain objects (e.g. pg's prepared-statement naming check — a real incident at one consumer). - Persistence: lasts until the Node process restarts, so the blast radius is every request that container handles after the pollution.

Root cause

In src/scimPatch.ts:415-427, addOrReplaceObjectAttribute iterates the user-supplied patch.value with Object.entries and feeds each key to resolvePaths, which splits on .:

function addOrReplaceObjectAttribute(property: any, patch: ScimPatchAddReplaceOperation, multiValuedPathFilter?: boolean): any {
    if (typeof patch.value !== 'object') { ... }

    // src/scimPatch.ts:423-427
    for (const [key, value] of Object.entries(patch.value)) {
        assign(property, resolvePaths(key), value, patch.op);
    }
    return property;
}

assign then walks the resulting key path with no filtering on dangerous keys (src/scimPatch.ts:437-445):

function assign(obj: any, keyPath: Array<string>, value: any, op: string) {
    const lastKeyIndex = keyPath.length - 1;
    for (let i = 0; i < lastKeyIndex; ++i) {
        const key = keyPath[i];
        if (!(key in obj)) {
            obj[key] = {};
        }
        obj = obj[key];   // ← obj["__proto__"] === Object.prototype
    }
    // ... assigns into Object.prototype
}

For keyPath = ["__proto__", "polluted"]: - "__proto__" in obj is always true, so the fresh-object branch is skipped. - obj = obj["__proto__"] now points to Object.prototype. - The final write lands on Object.prototype.polluted.

The same shape works for constructor.prototype keys.

Proof of concept

Drop this in test/prototypePollution.test.ts and run npm run build && npx mocha lib/test/prototypePollution.test.js. Both tests pass against HEAD 871b1e2:

import { scimPatch } from '../src/scimPatch';
import { ScimUser } from './types/types.test';
import { expect } from 'chai';

describe('Prototype pollution via scim-patch', () => {
    let scimUser: ScimUser;

    beforeEach(() => {
        scimUser = JSON.parse(`{
          "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
          "id": "tea_4",
          "userName": "spiderman",
          "name": { "familyName": "Parker", "givenName": "Peter" },
          "active": true,
          "emails": [{ "value": "spiderman@superheroes.com", "primary": true }],
          "roles": [],
          "meta": { "resourceType": "User", "created": "x", "lastModified": "x", "location": "x" }
        }`);
    });

    afterEach(() => {
        delete (Object.prototype as any).polluted;
        delete (Object.prototype as any).isAdmin;
    });

    it('pollutes Object.prototype via a value-key containing __proto__', () => {
        expect(({} as any).polluted).to.equal(undefined);

        scimPatch(scimUser, [{
            op: 'add',
            path: 'name',
            value: { '__proto__.polluted': 'yes' }
        }]);

        expect((Object.prototype as any).polluted).to.equal('yes');
        expect(({} as any).polluted).to.equal('yes');
    });

    it('elevates Object.prototype.isAdmin — the admin-escalation shape', () => {
        expect(({} as any).isAdmin).to.equal(undefined);

        scimPatch(scimUser, [{
            op: 'add',
            path: 'name',
            value: { '__proto__.isAdmin': true }
        }]);

        expect((Object.prototype as any).isAdmin).to.equal(true);
        expect(({} as any).isAdmin).to.equal(true);
    });
});

Suggested fix

Reject the three dangerous keys in assign() before the walk. Minimal patch:

const DANGEROUS_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function assign(obj: any, keyPath: Array<string>, value: any, op: string) {
    for (const key of keyPath) {
        if (DANGEROUS_KEYS.has(key)) {
            throw new InvalidScimPatchOp(`Forbidden key in patch path: ${key}`);
        }
    }
    // ... existing logic
}

Alternative, slightly safer: switch the walk target to Object.create(null) nodes when creating intermediate objects, and use Object.defineProperty(obj, key, { value, enumerable: true, configurable: true, writable: true }) instead of obj[key] = value for the final write. That defends against future prototype-walking sinks even if a key sneaks past the denylist.

Either approach is a non-breaking change — legitimate SCIM clients never send these keys.

Mitigation for consumers who can't upgrade immediately

Calling Object.freeze(Object.prototype) (and the same on Array.prototype, Function.prototype) at process startup neutralizes this class of bug — assignment to a frozen prototype becomes a silent no-op in sloppy mode or a TypeError in strict mode. Node's --frozen-intrinsics flag does this for built-ins automatically.

Credit

Discovered by Lee Wang (Notion). Reported by David Wu (Notion).

Report authored by Claude. Reviewed by David Wu.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 0.9.0"
      },
      "package": {
        "ecosystem": "npm",
        "name": "scim-patch"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.9.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-48170"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-22T22:57:48Z",
    "nvd_published_at": null,
    "severity": "CRITICAL"
  },
  "details": "## Summary\n\n`scim-patch` performs prototype pollution when applying a SCIM PATCH operation whose `value` object contains a key like `\"__proto__.someProp\"`. After one such patch,\n`Object.prototype.someProp` is set process-wide, affecting every plain object in the Node process.\n\nAny service that calls `scimPatch()` on attacker-controlled JSON (i.e. any SCIM endpoint accepting `PATCH` from an external IdP) is exploitable on a stock Node runtime.\n\n## Impact\n\n- **Class:** Prototype pollution ([CWE-1321](https://cwe.mitre.org/data/definitions/1321.html))\n- **Affected versions:** `\u003c= 0.9.0` (current HEAD `871b1e2`)\n- **Attack vector:** Network \u2014 sent as part of a normal SCIM `PATCH /Users/:id` request body.\n- **Privileges required:** Whatever the SCIM endpoint requires. For most integrations that\u0027s a provisioned IdP, which is \"low\" in CVSS terms (any authenticated provisioning client).\n- **Scope:** Changed \u2014 the bug is in a SCIM library but the side effect (`Object.prototype` mutation) leaks into the entire Node process.\n\nDownstream consequences depend on what other code reads from plain objects. Realistic outcomes observed in similar bugs:\n- **Privilege escalation** if any auth/middleware code checks `actor.isAdmin` / `req.user.admin` / similar boolean flags against a plain object that *expects* the key to be absent.\n- **Logic bypass / DoS** if any code branches on `obj.name`, `obj.type`, `obj.id` etc. against plain objects (e.g. `pg`\u0027s prepared-statement naming check \u2014 a real incident at one consumer).\n- **Persistence:** lasts until the Node process restarts, so the blast radius is *every* request that container handles after the pollution.\n\n## Root cause\n\nIn `src/scimPatch.ts:415-427`, `addOrReplaceObjectAttribute` iterates the user-supplied `patch.value` with `Object.entries` and feeds each key to `resolvePaths`, which splits on `.`:\n\n```ts\nfunction addOrReplaceObjectAttribute(property: any, patch: ScimPatchAddReplaceOperation, multiValuedPathFilter?: boolean): any {\n    if (typeof patch.value !== \u0027object\u0027) { ... }\n\n    // src/scimPatch.ts:423-427\n    for (const [key, value] of Object.entries(patch.value)) {\n        assign(property, resolvePaths(key), value, patch.op);\n    }\n    return property;\n}\n```\n\n`assign` then walks the resulting key path with no filtering on dangerous keys (`src/scimPatch.ts:437-445`):\n\n```ts\nfunction assign(obj: any, keyPath: Array\u003cstring\u003e, value: any, op: string) {\n    const lastKeyIndex = keyPath.length - 1;\n    for (let i = 0; i \u003c lastKeyIndex; ++i) {\n        const key = keyPath[i];\n        if (!(key in obj)) {\n            obj[key] = {};\n        }\n        obj = obj[key];   // \u2190 obj[\"__proto__\"] === Object.prototype\n    }\n    // ... assigns into Object.prototype\n}\n```\n\nFor `keyPath = [\"__proto__\", \"polluted\"]`:\n- `\"__proto__\" in obj` is always true, so the fresh-object branch is skipped.\n- `obj = obj[\"__proto__\"]` now points to `Object.prototype`.\n- The final write lands on `Object.prototype.polluted`.\n\nThe same shape works for `constructor.prototype` keys.\n\n## Proof of concept\n\nDrop this in `test/prototypePollution.test.ts` and run `npm run build \u0026\u0026 npx mocha lib/test/prototypePollution.test.js`. Both tests pass against HEAD `871b1e2`:\n\n```ts\nimport { scimPatch } from \u0027../src/scimPatch\u0027;\nimport { ScimUser } from \u0027./types/types.test\u0027;\nimport { expect } from \u0027chai\u0027;\n\ndescribe(\u0027Prototype pollution via scim-patch\u0027, () =\u003e {\n    let scimUser: ScimUser;\n\n    beforeEach(() =\u003e {\n        scimUser = JSON.parse(`{\n          \"schemas\": [\"urn:ietf:params:scim:schemas:core:2.0:User\"],\n          \"id\": \"tea_4\",\n          \"userName\": \"spiderman\",\n          \"name\": { \"familyName\": \"Parker\", \"givenName\": \"Peter\" },\n          \"active\": true,\n          \"emails\": [{ \"value\": \"spiderman@superheroes.com\", \"primary\": true }],\n          \"roles\": [],\n          \"meta\": { \"resourceType\": \"User\", \"created\": \"x\", \"lastModified\": \"x\", \"location\": \"x\" }\n        }`);\n    });\n\n    afterEach(() =\u003e {\n        delete (Object.prototype as any).polluted;\n        delete (Object.prototype as any).isAdmin;\n    });\n\n    it(\u0027pollutes Object.prototype via a value-key containing __proto__\u0027, () =\u003e {\n        expect(({} as any).polluted).to.equal(undefined);\n\n        scimPatch(scimUser, [{\n            op: \u0027add\u0027,\n            path: \u0027name\u0027,\n            value: { \u0027__proto__.polluted\u0027: \u0027yes\u0027 }\n        }]);\n\n        expect((Object.prototype as any).polluted).to.equal(\u0027yes\u0027);\n        expect(({} as any).polluted).to.equal(\u0027yes\u0027);\n    });\n\n    it(\u0027elevates Object.prototype.isAdmin \u2014 the admin-escalation shape\u0027, () =\u003e {\n        expect(({} as any).isAdmin).to.equal(undefined);\n\n        scimPatch(scimUser, [{\n            op: \u0027add\u0027,\n            path: \u0027name\u0027,\n            value: { \u0027__proto__.isAdmin\u0027: true }\n        }]);\n\n        expect((Object.prototype as any).isAdmin).to.equal(true);\n        expect(({} as any).isAdmin).to.equal(true);\n    });\n});\n```\n\n## Suggested fix\n\nReject the three dangerous keys in `assign()` before the walk. Minimal patch:\n\n```ts\nconst DANGEROUS_KEYS = new Set([\u0027__proto__\u0027, \u0027constructor\u0027, \u0027prototype\u0027]);\n\nfunction assign(obj: any, keyPath: Array\u003cstring\u003e, value: any, op: string) {\n    for (const key of keyPath) {\n        if (DANGEROUS_KEYS.has(key)) {\n            throw new InvalidScimPatchOp(`Forbidden key in patch path: ${key}`);\n        }\n    }\n    // ... existing logic\n}\n```\n\nAlternative, slightly safer: switch the walk target to `Object.create(null)` nodes when creating intermediate objects, and use `Object.defineProperty(obj, key, { value, enumerable: true, configurable: true, writable: true })` instead of `obj[key] = value` for the final write. That defends against future prototype-walking sinks even if a key sneaks past the denylist.\n\nEither approach is a non-breaking change \u2014 legitimate SCIM clients never send these keys.\n\n## Mitigation for consumers who can\u0027t upgrade immediately\n\nCalling `Object.freeze(Object.prototype)` (and the same on `Array.prototype`, `Function.prototype`) at process startup neutralizes this class of bug \u2014 assignment to a frozen prototype becomes a silent no-op in sloppy mode or a `TypeError` in strict mode. Node\u0027s `--frozen-intrinsics` flag does this for built-ins automatically.\n\n## Credit\n\nDiscovered by **Lee Wang (Notion)**. Reported by **David Wu (Notion)**.\n\nReport authored by **Claude**. Reviewed by **David Wu**.",
  "id": "GHSA-9m6g-wc8r-q59c",
  "modified": "2026-06-22T22:57:48Z",
  "published": "2026-06-22T22:57:48Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/thomaspoignant/scim-patch/security/advisories/GHSA-9m6g-wc8r-q59c"
    },
    {
      "type": "WEB",
      "url": "https://github.com/thomaspoignant/scim-patch/commit/260f9cd2ac5ceac3976978850bb47dcb391720f6"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/thomaspoignant/scim-patch"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "scimPatch vulnerable to prototype pollution via unfiltered keys in patch"
}

GHSA-9M93-W8W6-76HH

Vulnerability from github – Published: 2023-07-17 03:30 – Updated: 2023-07-18 16:57
VLAI
Summary
Mongoose Prototype Pollution vulnerability
Details

Prototype Pollution in GitHub repository automattic/mongoose prior to 7.3.3, 6.11.3, and 5.13.20.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "mongoose"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.0.0"
            },
            {
              "fixed": "7.3.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "mongoose"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "6.0.0"
            },
            {
              "fixed": "6.11.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "mongoose"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.13.20"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-3696"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-18T16:57:08Z",
    "nvd_published_at": "2023-07-17T01:15:08Z",
    "severity": "CRITICAL"
  },
  "details": "Prototype Pollution in GitHub repository automattic/mongoose prior to 7.3.3, 6.11.3, and 5.13.20.",
  "id": "GHSA-9m93-w8w6-76hh",
  "modified": "2023-07-18T16:57:08Z",
  "published": "2023-07-17T03:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3696"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Automattic/mongoose/commit/e29578d2ec18a68aeb4717d66dd5eb66bae53de1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Automattic/mongoose/commit/f1efabf350522257364aa5c2cb36e441cf08f1a2"
    },
    {
      "type": "WEB",
      "url": "https://github.com/automattic/mongoose/commit/305ce4ff789261df7e3f6e72363d0703e025f80d"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/Automattic/mongoose"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Automattic/mongoose/releases/tag/7.3.3"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/1eef5a72-f6ab-4f61-b31d-fc66f5b4b467"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Mongoose Prototype Pollution vulnerability"
}

Mitigation
Implementation

By freezing the object prototype first (for example, Object.freeze(Object.prototype)), modification of the prototype becomes impossible.

Mitigation
Architecture and Design

By blocking modifications of attributes that resolve to object prototype, such as proto or prototype, this weakness can be mitigated.

Mitigation
Implementation

Strategy: Input Validation

When handling untrusted objects, validating using a schema can be used.

Mitigation
Implementation

By using an object without prototypes (via Object.create(null) ), adding object prototype attributes by accessing the prototype via the special attributes becomes impossible, mitigating this weakness.

Mitigation
Implementation

Map can be used instead of objects in most cases. If Map methods are used instead of object attributes, it is not possible to access the object prototype or modify it.

CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs

In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application's functionality; particularly URL's for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to.

CAPEC-180: Exploiting Incorrectly Configured Access Control Security Levels

An attacker exploits a weakness in the configuration of access controls and is able to bypass the intended protection that these measures guard against and thereby obtain unauthorized access to the system or network. Sensitive functionality should always be protected with access controls. However configuring all but the most trivial access control systems can be very complicated and there are many opportunities for mistakes. If an attacker can learn of incorrectly configured access security settings, they may be able to exploit this in an attack.

CAPEC-77: Manipulating User-Controlled Variables

This attack targets user controlled variables (DEBUG=1, PHP Globals, and So Forth). An adversary can override variables leveraging user-supplied, untrusted query variables directly used on the application server without any data sanitization. In extreme cases, the adversary can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.