Common Weakness Enumeration

CWE-1321

Allowed

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Abstraction: Variant · Status: Incomplete

The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.

779 vulnerabilities reference this CWE, most recent first.

GHSA-PP75-XFPW-37G9

Vulnerability from github – Published: 2021-05-10 19:16 – Updated: 2021-04-19 22:57
VLAI
Summary
Prototype pollution in grpc and @grpc/grpc-js
Details

"The package grpc before 1.24.4 and the package @grpc/grpc-js before 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition."

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "grpc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.24.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@grpc/grpc-js"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.1.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-7768"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321",
      "CWE-915"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-04-19T22:57:05Z",
    "nvd_published_at": "2020-11-11T11:15:00Z",
    "severity": "HIGH"
  },
  "details": "\"The package grpc before 1.24.4 and the package @grpc/grpc-js before 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition.\"",
  "id": "GHSA-pp75-xfpw-37g9",
  "modified": "2021-04-19T22:57:05Z",
  "published": "2021-05-10T19:16:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7768"
    },
    {
      "type": "WEB",
      "url": "https://github.com/grpc/grpc-node/pull/1605"
    },
    {
      "type": "WEB",
      "url": "https://github.com/grpc/grpc-node/pull/1606"
    },
    {
      "type": "WEB",
      "url": "https://github.com/grpc/grpc-node/releases/tag/grpc%401.24.4"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1038819"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-JS-GRPC-598671"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-JS-GRPCGRPCJS-1038818"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/package/@grpc/grpc-js"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/package/grpc"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Prototype pollution in grpc and @grpc/grpc-js"
}

GHSA-PQWC-3VHW-QCVQ

Vulnerability from github – Published: 2022-05-24 17:37 – Updated: 2024-02-01 21:00
VLAI
Summary
shvl vulnerable to prototype pollution
Details

Overview

Prototype pollution vulnerability in 'shvl' versions 1.0.0 through 2.0.1 allows an attacker to cause a denial of service and may lead to remote code execution.

Details

The NPM module 'shvl' can be abused by Prototype Pollution vulnerability since the function 'set()' did not check for the type of object before assigning value to the property. Due to this flaw an attacker could create a non-existent property or able to manipulate the property which leads to Denial of Service or potentially Remote code execution.

PoC Details

The 'set()' function accepts four arguments object, path, val, obj. Due to the absence of validation, at values passed into path, val arguments, an attacker can supply a malicious value by adjusting the path value to include the __proto__ property. Since there is no validation before assigning property to check whether the assigned path is the Object's own property or not, the property isAdmin will be directly be assigned to the empty obj({}) thereby polluting the Object prototype. Later in the code, if there is a check to validate isAdmin the valued would be substituted as "true" as it had been polluted.

const shvl = require('shvl');
var obj = {}
console.log("Before : " + obj.isAdmin);
shvl.set(obj, '__proto__.isAdmin', true);
console.log("After : " + obj.isAdmin);

Affected Environments

1.0.0-2.0.1

Remediation

There are a couple of ways to mitigate prototype pollution vulnerabilities, for example: Most of the cases can be solved by freezing an object which doesn’t allow to add, remove, or change its properties. Validating the JSON input with schema validation, this guarantees that the JSON input contains only predefined attributes. We can change the objects, so they won’t have any prototype association by using “Object.create”.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2.0.1"
      },
      "package": {
        "ecosystem": "npm",
        "name": "shvl"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.0.0"
            },
            {
              "fixed": "2.0.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-28278"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-02-01T21:00:24Z",
    "nvd_published_at": "2020-12-29T18:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "### Overview\nPrototype pollution vulnerability in \u0027shvl\u0027 versions 1.0.0 through 2.0.1 allows an attacker to cause a denial of service and may lead to remote code execution.\n\n### Details\nThe NPM module \u0027shvl\u0027 can be abused by Prototype Pollution vulnerability since the function \u0027set()\u0027 did not check for the type of object before assigning value to the property. Due to this flaw an attacker could create a non-existent property or able to manipulate the property which leads to Denial of Service or potentially Remote code execution.\n\n### PoC Details\nThe \u0027set()\u0027 function accepts four arguments `object, path, val, obj`. Due to the absence of validation, at values passed into `path, val` arguments, an attacker can supply a malicious value by adjusting the `path` value to include the `__proto__` property. Since there is no validation before assigning property to check whether the assigned `path` is the Object\u0027s own property or not, the property `isAdmin` will be directly be assigned to the empty obj({}) thereby polluting the Object prototype. Later in the code, if there is a check to validate `isAdmin` the valued would be substituted as \"true\" as it had been polluted.\n\n```js\nconst shvl = require(\u0027shvl\u0027);\nvar obj = {}\nconsole.log(\"Before : \" + obj.isAdmin);\nshvl.set(obj, \u0027__proto__.isAdmin\u0027, true);\nconsole.log(\"After : \" + obj.isAdmin);\n```\n\n### Affected Environments\n1.0.0-2.0.1\n\n### Remediation\nThere are a couple of ways to mitigate prototype pollution vulnerabilities, for example: Most of the cases can be solved by freezing an object which doesn\u2019t allow to add, remove, or change its properties. Validating the JSON input with schema validation, this guarantees that the JSON input contains only predefined attributes. We can change the objects, so they won\u2019t have any prototype association by using \u201cObject.create\u201d.",
  "id": "GHSA-pqwc-3vhw-qcvq",
  "modified": "2024-02-01T21:00:24Z",
  "published": "2022-05-24T17:37:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28278"
    },
    {
      "type": "WEB",
      "url": "https://github.com/robinvdvleuten/shvl/issues/34"
    },
    {
      "type": "WEB",
      "url": "https://github.com/robinvdvleuten/shvl/pull/36"
    },
    {
      "type": "WEB",
      "url": "https://github.com/robinvdvleuten/shvl/commit/513c0848774dfb114ad0d0554abf7927cfdd569e"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20210320222933/https://www.whitesourcesoftware.com/vulnerability-database/CVE-2020-28278"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "shvl vulnerable to prototype pollution"
}

GHSA-PRC2-X3QX-38M9

Vulnerability from github – Published: 2026-06-18 00:32 – Updated: 2026-06-18 00:32
VLAI
Details

ThingsBoard contains a prototype pollution vulnerability which may lead to arbitrary code execution within a sandboxed context by a user who can log in to the affected product with the tenant administrator privilege (TENANT_ADMIN).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-53676"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-17T23:17:04Z",
    "severity": "HIGH"
  },
  "details": "ThingsBoard contains a prototype pollution vulnerability which may lead to arbitrary code execution within a sandboxed context by a user who can log in to the affected product with the tenant administrator privilege (TENANT_ADMIN).",
  "id": "GHSA-prc2-x3qx-38m9",
  "modified": "2026-06-18T00:32:37Z",
  "published": "2026-06-18T00:32:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53676"
    },
    {
      "type": "WEB",
      "url": "https://github.com/thingsboard/thingsboard/pull/15600"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN16937365"
    },
    {
      "type": "WEB",
      "url": "https://thingsboard.io/docs/releases/releases-table"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-PRM5-8G2M-24GG

Vulnerability from github – Published: 2022-11-08 17:29 – Updated: 2022-11-09 00:04
VLAI
Summary
Remote code execution via MongoDB BSON parser through prototype pollution
Details

Impact

An attacker can use this prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser.

Patches

Prevent prototype pollution in MongoDB database adapter.

Workarounds

Disable remote code execution through the MongoDB BSON parser.

Collaborators

Mikhail Shcherbakov (KTH), Cristian-Alexandru Staicu (CISPA) and Musard Balliu (KTH) working with Trend Micro Zero Day Initiative

References

  • https://github.com/parse-community/parse-server/security/advisories/GHSA-prm5-8g2m-24gg
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "parse-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.10.18"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "parse-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.0.0"
            },
            {
              "fixed": "5.3.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-39396"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-11-08T17:29:16Z",
    "nvd_published_at": "2022-11-10T01:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "### Impact\n\nAn attacker can use this prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser. \n\n### Patches\n\nPrevent prototype pollution in MongoDB database adapter.\n\n### Workarounds\n\nDisable remote code execution through the MongoDB BSON parser.\n\n### Collaborators\n\nMikhail Shcherbakov (KTH), Cristian-Alexandru Staicu (CISPA) and Musard Balliu (KTH) working with Trend Micro Zero Day Initiative\n\n### References\n\n- https://github.com/parse-community/parse-server/security/advisories/GHSA-prm5-8g2m-24gg\n",
  "id": "GHSA-prm5-8g2m-24gg",
  "modified": "2022-11-09T00:04:54Z",
  "published": "2022-11-08T17:29:16Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-prm5-8g2m-24gg"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39396"
    },
    {
      "type": "WEB",
      "url": "https://github.com/parse-community/parse-server/pull/8295"
    },
    {
      "type": "WEB",
      "url": "https://github.com/parse-community/parse-server/pull/8296"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/parse-community/parse-server"
    },
    {
      "type": "WEB",
      "url": "https://github.com/parse-community/parse-server/releases/tag/4.10.18"
    },
    {
      "type": "WEB",
      "url": "https://github.com/parse-community/parse-server/releases/tag/5.3.1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Remote code execution via MongoDB BSON parser through prototype pollution"
}

GHSA-PWJ4-F48Q-V2H2

Vulnerability from github – Published: 2026-06-26 15:32 – Updated: 2026-06-27 21:30
VLAI
Details

In JetBrains YouTrack before 2026.2.16593 the websandbox bridge was vulnerable to a prototype pollution attack

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-57926"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-26T14:17:07Z",
    "severity": "LOW"
  },
  "details": "In JetBrains YouTrack before 2026.2.16593 the websandbox bridge was vulnerable to a prototype pollution attack",
  "id": "GHSA-pwj4-f48q-v2h2",
  "modified": "2026-06-27T21:30:29Z",
  "published": "2026-06-26T15:32:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-57926"
    },
    {
      "type": "WEB",
      "url": "https://www.jetbrains.com/privacy-security/issues-fixed"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PWM7-QR6J-3VJG

Vulnerability from github – Published: 2022-01-12 22:56 – Updated: 2022-01-11 18:14
VLAI
Summary
Prototype Pollution in realms-shim
Details

All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "realms-shim"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "1.2.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-23594"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-01-11T18:14:15Z",
    "nvd_published_at": "2022-01-10T14:10:00Z",
    "severity": "CRITICAL"
  },
  "details": "All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector.",
  "id": "GHSA-pwm7-qr6j-3vjg",
  "modified": "2022-01-11T18:14:15Z",
  "published": "2022-01-12T22:56:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23594"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/Agoric/realms-shim"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-JS-REALMSSHIM-2309907"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/package/realms-shim"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Prototype Pollution in realms-shim"
}

GHSA-Q4J7-V27R-FGCX

Vulnerability from github – Published: 2022-01-13 15:00 – Updated: 2022-01-11 18:13
VLAI
Summary
Prototype Pollution in realms-shim
Details

All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "realms-shim"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "1.2.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-23543"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-01-11T18:13:17Z",
    "nvd_published_at": "2022-01-10T14:10:00Z",
    "severity": "CRITICAL"
  },
  "details": "All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector.",
  "id": "GHSA-q4j7-v27r-fgcx",
  "modified": "2022-01-11T18:13:17Z",
  "published": "2022-01-13T15:00:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23543"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/Agoric/realms-shim"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-JS-REALMSSHIM-2309908"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/package/realms-shim"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Prototype Pollution in realms-shim"
}

GHSA-Q4XC-7CW8-CGFJ

Vulnerability from github – Published: 2022-05-24 17:37 – Updated: 2024-02-01 21:04
VLAI
Summary
dset vulnerable to prototype pollution
Details

Overview

Prototype pollution vulnerability in 'dset' versions 1.0.0 through 2.0.1 allows attacker to cause a denial of service and may lead to remote code execution.

Details

The NPM module 'dset' can be abused by Prototype Pollution vulnerability since the function ‘export ()' did not check for the type of object before assigning value to the property. Due to this flaw an attacker could create a non-existent property or able to manipulate the property which leads to Denial of Service or potentially Remote code execution.

PoC

The export function accepts three arguments obj, keys, val. Due to the absence of validation, at values passed into keys, val arguments, an attacker can supply a malicious value by adjusting the keys value to include the __proto__ property. Since there is no validation before assigning property to check whether the assigned keys is the Object's own property or not, the property isAdmin will be directly be assigned to the empty obj({}) thereby polluting the Object prototype. Later in the code, if there is a check to validate isAdmin the valued would be substituted as "true" as it had been polluted.

const dset = require('dset');
var obj = {}
console.log("Before : " + obj.isAdmin);
dset(obj, '__proto__.polluted', true);
console.log("After : " + obj.polluted);
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "dset"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.0.0"
            },
            {
              "fixed": "2.0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-28277"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-02-01T21:04:19Z",
    "nvd_published_at": "2020-12-29T17:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "### Overview\nPrototype pollution vulnerability in \u0027dset\u0027 versions 1.0.0 through 2.0.1 allows attacker to cause a denial of service and may lead to remote code execution.\n\n### Details\nThe NPM module \u0027dset\u0027 can be abused by Prototype Pollution vulnerability since the function \u2018export ()\u0027 did not check for the type of object before assigning value to the property. Due to this flaw an attacker could create a non-existent property or able to manipulate the property which leads to Denial of Service or potentially Remote code execution.\n\n### PoC\nThe export function accepts three arguments `obj, keys, val`. Due to the absence of validation, at values passed into `keys, val` arguments, an attacker can supply a malicious value by adjusting the `keys` value to include the `__proto__` property. Since there is no validation before assigning property to check whether the assigned `keys` is the Object\u0027s own property or not, the property `isAdmin` will be directly be assigned to the empty obj({}) thereby polluting the Object prototype. Later in the code, if there is a check to validate `isAdmin` the valued would be substituted as \"true\" as it had been polluted.\n\n```js\nconst dset = require(\u0027dset\u0027);\nvar obj = {}\nconsole.log(\"Before : \" + obj.isAdmin);\ndset(obj, \u0027__proto__.polluted\u0027, true);\nconsole.log(\"After : \" + obj.polluted);\n```\n",
  "id": "GHSA-q4xc-7cw8-cgfj",
  "modified": "2024-02-01T21:04:19Z",
  "published": "2022-05-24T17:37:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28277"
    },
    {
      "type": "WEB",
      "url": "https://github.com/lukeed/dset/issues/11"
    },
    {
      "type": "WEB",
      "url": "https://github.com/lukeed/dset/commit/2b9ec49e231107b1a83b04a1bc1a66a8d14cea1c"
    },
    {
      "type": "WEB",
      "url": "https://github.com/lukeed/dset/blob/50a6ead172d1466a96035eff00f8eb465ccd050a/src/index.js#L6"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20210104204657/https://www.whitesourcesoftware.com/vulnerability-database/CVE-2020-28277"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "dset vulnerable to prototype pollution"
}

GHSA-Q5F4-99JV-PGG5

Vulnerability from github – Published: 2026-04-29 21:25 – Updated: 2026-05-08 01:31
VLAI
Summary
n8n has Prototype Pollution in XML Webhook Body Parser that Leads to RCE
Details

Impact

A flaw in the xml2js library used to parse XML request bodies in n8n's webhook handler allowed prototype pollution via a crafted XML payload. An authenticated user with permission to create or modify workflows could exploit this to pollute the JavaScript object prototype and, by chaining the pollution with the Git node's SSH operations, achieve remote code execution on the n8n host.

Patches

The issue has been fixed in n8n versions 1.123.32, 2.17.4, and 2.18.1. Users should upgrade to one of these versions or later to remediate the vulnerability.

Workarounds

If upgrading is not immediately possible, administrators should consider the following temporary mitigations: - Limit workflow creation and editing permissions to fully trusted users only.

These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.


n8n has adopted CVSS 4.0 as primary score for all security advisories. CVSS 3.1 vector strings are provided for backwards compatibility.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "n8n"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.123.32"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "n8n"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.18.0"
            },
            {
              "fixed": "2.18.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "n8n"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.17.0"
            },
            {
              "fixed": "2.17.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-42231"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-29T21:25:02Z",
    "nvd_published_at": "2026-05-04T19:16:05Z",
    "severity": "CRITICAL"
  },
  "details": "## Impact\nA flaw in the `xml2js` library used to parse XML request bodies in n8n\u0027s webhook handler allowed prototype pollution via a crafted XML payload. An authenticated user with permission to create or modify workflows could exploit this to pollute the JavaScript object prototype and, by chaining the pollution with the Git node\u0027s SSH operations, achieve remote code execution on the n8n host.\n\n## Patches\nThe issue has been fixed in n8n versions 1.123.32, 2.17.4, and 2.18.1. Users should upgrade to one of these versions or later to remediate the vulnerability.\n\n## Workarounds\nIf upgrading is not immediately possible, administrators should consider the following temporary mitigations:\n- Limit workflow creation and editing permissions to fully trusted users only.\n\nThese workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.\n\n---\nn8n has adopted CVSS 4.0 as primary score for all security advisories. CVSS 3.1 vector strings are provided for backwards compatibility.\n\nCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
  "id": "GHSA-q5f4-99jv-pgg5",
  "modified": "2026-05-08T01:31:38Z",
  "published": "2026-04-29T21:25:02Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-q5f4-99jv-pgg5"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42231"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/n8n-io/n8n"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
      "type": "CVSS_V4"
    }
  ],
  "summary": "n8n has Prototype Pollution in XML Webhook Body Parser that Leads to RCE"
}

GHSA-Q5J8-9M9G-X2JH

Vulnerability from github – Published: 2025-02-06 06:31 – Updated: 2025-02-06 23:30
VLAI
Summary
module-from-string prototype pollution
Details

A prototype pollution in the lib.requireFromString function of module-from-string v3.3.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "module-from-string"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "3.3.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-57072"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-02-06T23:30:54Z",
    "nvd_published_at": "2025-02-05T22:15:31Z",
    "severity": "HIGH"
  },
  "details": "A prototype pollution in the lib.requireFromString function of module-from-string v3.3.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.",
  "id": "GHSA-q5j8-9m9g-x2jh",
  "modified": "2025-02-06T23:30:54Z",
  "published": "2025-02-06T06:31:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57072"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/tariqhawis/8b1fe301dd1ea52952cef347daddee67"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/exuanbo/module-from-string"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "module-from-string prototype pollution"
}

Mitigation
Implementation

By freezing the object prototype first (for example, Object.freeze(Object.prototype)), modification of the prototype becomes impossible.

Mitigation
Architecture and Design

By blocking modifications of attributes that resolve to object prototype, such as proto or prototype, this weakness can be mitigated.

Mitigation
Implementation

Strategy: Input Validation

When handling untrusted objects, validating using a schema can be used.

Mitigation
Implementation

By using an object without prototypes (via Object.create(null) ), adding object prototype attributes by accessing the prototype via the special attributes becomes impossible, mitigating this weakness.

Mitigation
Implementation

Map can be used instead of objects in most cases. If Map methods are used instead of object attributes, it is not possible to access the object prototype or modify it.

CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs

In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application's functionality; particularly URL's for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to.

CAPEC-180: Exploiting Incorrectly Configured Access Control Security Levels

An attacker exploits a weakness in the configuration of access controls and is able to bypass the intended protection that these measures guard against and thereby obtain unauthorized access to the system or network. Sensitive functionality should always be protected with access controls. However configuring all but the most trivial access control systems can be very complicated and there are many opportunities for mistakes. If an attacker can learn of incorrectly configured access security settings, they may be able to exploit this in an attack.

CAPEC-77: Manipulating User-Controlled Variables

This attack targets user controlled variables (DEBUG=1, PHP Globals, and So Forth). An adversary can override variables leveraging user-supplied, untrusted query variables directly used on the application server without any data sanitization. In extreme cases, the adversary can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.