CWE-1321
AllowedImproperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Abstraction: Variant · Status: Incomplete
The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.
779 vulnerabilities reference this CWE, most recent first.
GHSA-PP75-XFPW-37G9
Vulnerability from github – Published: 2021-05-10 19:16 – Updated: 2021-04-19 22:57"The package grpc before 1.24.4 and the package @grpc/grpc-js before 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition."
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "grpc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.24.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "@grpc/grpc-js"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.1.8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-7768"
],
"database_specific": {
"cwe_ids": [
"CWE-1321",
"CWE-915"
],
"github_reviewed": true,
"github_reviewed_at": "2021-04-19T22:57:05Z",
"nvd_published_at": "2020-11-11T11:15:00Z",
"severity": "HIGH"
},
"details": "\"The package grpc before 1.24.4 and the package @grpc/grpc-js before 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition.\"",
"id": "GHSA-pp75-xfpw-37g9",
"modified": "2021-04-19T22:57:05Z",
"published": "2021-05-10T19:16:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7768"
},
{
"type": "WEB",
"url": "https://github.com/grpc/grpc-node/pull/1605"
},
{
"type": "WEB",
"url": "https://github.com/grpc/grpc-node/pull/1606"
},
{
"type": "WEB",
"url": "https://github.com/grpc/grpc-node/releases/tag/grpc%401.24.4"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1038819"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/SNYK-JS-GRPC-598671"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/SNYK-JS-GRPCGRPCJS-1038818"
},
{
"type": "WEB",
"url": "https://www.npmjs.com/package/@grpc/grpc-js"
},
{
"type": "WEB",
"url": "https://www.npmjs.com/package/grpc"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Prototype pollution in grpc and @grpc/grpc-js"
}
GHSA-PQWC-3VHW-QCVQ
Vulnerability from github – Published: 2022-05-24 17:37 – Updated: 2024-02-01 21:00Overview
Prototype pollution vulnerability in 'shvl' versions 1.0.0 through 2.0.1 allows an attacker to cause a denial of service and may lead to remote code execution.
Details
The NPM module 'shvl' can be abused by Prototype Pollution vulnerability since the function 'set()' did not check for the type of object before assigning value to the property. Due to this flaw an attacker could create a non-existent property or able to manipulate the property which leads to Denial of Service or potentially Remote code execution.
PoC Details
The 'set()' function accepts four arguments object, path, val, obj. Due to the absence of validation, at values passed into path, val arguments, an attacker can supply a malicious value by adjusting the path value to include the __proto__ property. Since there is no validation before assigning property to check whether the assigned path is the Object's own property or not, the property isAdmin will be directly be assigned to the empty obj({}) thereby polluting the Object prototype. Later in the code, if there is a check to validate isAdmin the valued would be substituted as "true" as it had been polluted.
const shvl = require('shvl');
var obj = {}
console.log("Before : " + obj.isAdmin);
shvl.set(obj, '__proto__.isAdmin', true);
console.log("After : " + obj.isAdmin);
Affected Environments
1.0.0-2.0.1
Remediation
There are a couple of ways to mitigate prototype pollution vulnerabilities, for example: Most of the cases can be solved by freezing an object which doesn’t allow to add, remove, or change its properties. Validating the JSON input with schema validation, this guarantees that the JSON input contains only predefined attributes. We can change the objects, so they won’t have any prototype association by using “Object.create”.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.0.1"
},
"package": {
"ecosystem": "npm",
"name": "shvl"
},
"ranges": [
{
"events": [
{
"introduced": "1.0.0"
},
{
"fixed": "2.0.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-28278"
],
"database_specific": {
"cwe_ids": [
"CWE-1321"
],
"github_reviewed": true,
"github_reviewed_at": "2024-02-01T21:00:24Z",
"nvd_published_at": "2020-12-29T18:15:00Z",
"severity": "CRITICAL"
},
"details": "### Overview\nPrototype pollution vulnerability in \u0027shvl\u0027 versions 1.0.0 through 2.0.1 allows an attacker to cause a denial of service and may lead to remote code execution.\n\n### Details\nThe NPM module \u0027shvl\u0027 can be abused by Prototype Pollution vulnerability since the function \u0027set()\u0027 did not check for the type of object before assigning value to the property. Due to this flaw an attacker could create a non-existent property or able to manipulate the property which leads to Denial of Service or potentially Remote code execution.\n\n### PoC Details\nThe \u0027set()\u0027 function accepts four arguments `object, path, val, obj`. Due to the absence of validation, at values passed into `path, val` arguments, an attacker can supply a malicious value by adjusting the `path` value to include the `__proto__` property. Since there is no validation before assigning property to check whether the assigned `path` is the Object\u0027s own property or not, the property `isAdmin` will be directly be assigned to the empty obj({}) thereby polluting the Object prototype. Later in the code, if there is a check to validate `isAdmin` the valued would be substituted as \"true\" as it had been polluted.\n\n```js\nconst shvl = require(\u0027shvl\u0027);\nvar obj = {}\nconsole.log(\"Before : \" + obj.isAdmin);\nshvl.set(obj, \u0027__proto__.isAdmin\u0027, true);\nconsole.log(\"After : \" + obj.isAdmin);\n```\n\n### Affected Environments\n1.0.0-2.0.1\n\n### Remediation\nThere are a couple of ways to mitigate prototype pollution vulnerabilities, for example: Most of the cases can be solved by freezing an object which doesn\u2019t allow to add, remove, or change its properties. Validating the JSON input with schema validation, this guarantees that the JSON input contains only predefined attributes. We can change the objects, so they won\u2019t have any prototype association by using \u201cObject.create\u201d.",
"id": "GHSA-pqwc-3vhw-qcvq",
"modified": "2024-02-01T21:00:24Z",
"published": "2022-05-24T17:37:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28278"
},
{
"type": "WEB",
"url": "https://github.com/robinvdvleuten/shvl/issues/34"
},
{
"type": "WEB",
"url": "https://github.com/robinvdvleuten/shvl/pull/36"
},
{
"type": "WEB",
"url": "https://github.com/robinvdvleuten/shvl/commit/513c0848774dfb114ad0d0554abf7927cfdd569e"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20210320222933/https://www.whitesourcesoftware.com/vulnerability-database/CVE-2020-28278"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "shvl vulnerable to prototype pollution"
}
GHSA-PRC2-X3QX-38M9
Vulnerability from github – Published: 2026-06-18 00:32 – Updated: 2026-06-18 00:32ThingsBoard contains a prototype pollution vulnerability which may lead to arbitrary code execution within a sandboxed context by a user who can log in to the affected product with the tenant administrator privilege (TENANT_ADMIN).
{
"affected": [],
"aliases": [
"CVE-2026-53676"
],
"database_specific": {
"cwe_ids": [
"CWE-1321"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-17T23:17:04Z",
"severity": "HIGH"
},
"details": "ThingsBoard contains a prototype pollution vulnerability which may lead to arbitrary code execution within a sandboxed context by a user who can log in to the affected product with the tenant administrator privilege (TENANT_ADMIN).",
"id": "GHSA-prc2-x3qx-38m9",
"modified": "2026-06-18T00:32:37Z",
"published": "2026-06-18T00:32:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53676"
},
{
"type": "WEB",
"url": "https://github.com/thingsboard/thingsboard/pull/15600"
},
{
"type": "WEB",
"url": "https://jvn.jp/en/jp/JVN16937365"
},
{
"type": "WEB",
"url": "https://thingsboard.io/docs/releases/releases-table"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-PRM5-8G2M-24GG
Vulnerability from github – Published: 2022-11-08 17:29 – Updated: 2022-11-09 00:04Impact
An attacker can use this prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser.
Patches
Prevent prototype pollution in MongoDB database adapter.
Workarounds
Disable remote code execution through the MongoDB BSON parser.
Collaborators
Mikhail Shcherbakov (KTH), Cristian-Alexandru Staicu (CISPA) and Musard Balliu (KTH) working with Trend Micro Zero Day Initiative
References
- https://github.com/parse-community/parse-server/security/advisories/GHSA-prm5-8g2m-24gg
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "parse-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.10.18"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "parse-server"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.3.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-39396"
],
"database_specific": {
"cwe_ids": [
"CWE-1321"
],
"github_reviewed": true,
"github_reviewed_at": "2022-11-08T17:29:16Z",
"nvd_published_at": "2022-11-10T01:15:00Z",
"severity": "CRITICAL"
},
"details": "### Impact\n\nAn attacker can use this prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser. \n\n### Patches\n\nPrevent prototype pollution in MongoDB database adapter.\n\n### Workarounds\n\nDisable remote code execution through the MongoDB BSON parser.\n\n### Collaborators\n\nMikhail Shcherbakov (KTH), Cristian-Alexandru Staicu (CISPA) and Musard Balliu (KTH) working with Trend Micro Zero Day Initiative\n\n### References\n\n- https://github.com/parse-community/parse-server/security/advisories/GHSA-prm5-8g2m-24gg\n",
"id": "GHSA-prm5-8g2m-24gg",
"modified": "2022-11-09T00:04:54Z",
"published": "2022-11-08T17:29:16Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-prm5-8g2m-24gg"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39396"
},
{
"type": "WEB",
"url": "https://github.com/parse-community/parse-server/pull/8295"
},
{
"type": "WEB",
"url": "https://github.com/parse-community/parse-server/pull/8296"
},
{
"type": "PACKAGE",
"url": "https://github.com/parse-community/parse-server"
},
{
"type": "WEB",
"url": "https://github.com/parse-community/parse-server/releases/tag/4.10.18"
},
{
"type": "WEB",
"url": "https://github.com/parse-community/parse-server/releases/tag/5.3.1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Remote code execution via MongoDB BSON parser through prototype pollution"
}
GHSA-PWJ4-F48Q-V2H2
Vulnerability from github – Published: 2026-06-26 15:32 – Updated: 2026-06-27 21:30In JetBrains YouTrack before 2026.2.16593 the websandbox bridge was vulnerable to a prototype pollution attack
{
"affected": [],
"aliases": [
"CVE-2026-57926"
],
"database_specific": {
"cwe_ids": [
"CWE-1321"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-26T14:17:07Z",
"severity": "LOW"
},
"details": "In JetBrains YouTrack before 2026.2.16593 the websandbox bridge was vulnerable to a prototype pollution attack",
"id": "GHSA-pwj4-f48q-v2h2",
"modified": "2026-06-27T21:30:29Z",
"published": "2026-06-26T15:32:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-57926"
},
{
"type": "WEB",
"url": "https://www.jetbrains.com/privacy-security/issues-fixed"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-PWM7-QR6J-3VJG
Vulnerability from github – Published: 2022-01-12 22:56 – Updated: 2022-01-11 18:14All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "realms-shim"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.2.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-23594"
],
"database_specific": {
"cwe_ids": [
"CWE-1321"
],
"github_reviewed": true,
"github_reviewed_at": "2022-01-11T18:14:15Z",
"nvd_published_at": "2022-01-10T14:10:00Z",
"severity": "CRITICAL"
},
"details": "All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector.",
"id": "GHSA-pwm7-qr6j-3vjg",
"modified": "2022-01-11T18:14:15Z",
"published": "2022-01-12T22:56:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23594"
},
{
"type": "PACKAGE",
"url": "https://github.com/Agoric/realms-shim"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/SNYK-JS-REALMSSHIM-2309907"
},
{
"type": "WEB",
"url": "https://www.npmjs.com/package/realms-shim"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Prototype Pollution in realms-shim"
}
GHSA-Q4J7-V27R-FGCX
Vulnerability from github – Published: 2022-01-13 15:00 – Updated: 2022-01-11 18:13All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "realms-shim"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.2.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-23543"
],
"database_specific": {
"cwe_ids": [
"CWE-1321"
],
"github_reviewed": true,
"github_reviewed_at": "2022-01-11T18:13:17Z",
"nvd_published_at": "2022-01-10T14:10:00Z",
"severity": "CRITICAL"
},
"details": "All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector.",
"id": "GHSA-q4j7-v27r-fgcx",
"modified": "2022-01-11T18:13:17Z",
"published": "2022-01-13T15:00:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23543"
},
{
"type": "PACKAGE",
"url": "https://github.com/Agoric/realms-shim"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/SNYK-JS-REALMSSHIM-2309908"
},
{
"type": "WEB",
"url": "https://www.npmjs.com/package/realms-shim"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Prototype Pollution in realms-shim"
}
GHSA-Q4XC-7CW8-CGFJ
Vulnerability from github – Published: 2022-05-24 17:37 – Updated: 2024-02-01 21:04Overview
Prototype pollution vulnerability in 'dset' versions 1.0.0 through 2.0.1 allows attacker to cause a denial of service and may lead to remote code execution.
Details
The NPM module 'dset' can be abused by Prototype Pollution vulnerability since the function ‘export ()' did not check for the type of object before assigning value to the property. Due to this flaw an attacker could create a non-existent property or able to manipulate the property which leads to Denial of Service or potentially Remote code execution.
PoC
The export function accepts three arguments obj, keys, val. Due to the absence of validation, at values passed into keys, val arguments, an attacker can supply a malicious value by adjusting the keys value to include the __proto__ property. Since there is no validation before assigning property to check whether the assigned keys is the Object's own property or not, the property isAdmin will be directly be assigned to the empty obj({}) thereby polluting the Object prototype. Later in the code, if there is a check to validate isAdmin the valued would be substituted as "true" as it had been polluted.
const dset = require('dset');
var obj = {}
console.log("Before : " + obj.isAdmin);
dset(obj, '__proto__.polluted', true);
console.log("After : " + obj.polluted);
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "dset"
},
"ranges": [
{
"events": [
{
"introduced": "1.0.0"
},
{
"fixed": "2.0.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-28277"
],
"database_specific": {
"cwe_ids": [
"CWE-1321"
],
"github_reviewed": true,
"github_reviewed_at": "2024-02-01T21:04:19Z",
"nvd_published_at": "2020-12-29T17:15:00Z",
"severity": "CRITICAL"
},
"details": "### Overview\nPrototype pollution vulnerability in \u0027dset\u0027 versions 1.0.0 through 2.0.1 allows attacker to cause a denial of service and may lead to remote code execution.\n\n### Details\nThe NPM module \u0027dset\u0027 can be abused by Prototype Pollution vulnerability since the function \u2018export ()\u0027 did not check for the type of object before assigning value to the property. Due to this flaw an attacker could create a non-existent property or able to manipulate the property which leads to Denial of Service or potentially Remote code execution.\n\n### PoC\nThe export function accepts three arguments `obj, keys, val`. Due to the absence of validation, at values passed into `keys, val` arguments, an attacker can supply a malicious value by adjusting the `keys` value to include the `__proto__` property. Since there is no validation before assigning property to check whether the assigned `keys` is the Object\u0027s own property or not, the property `isAdmin` will be directly be assigned to the empty obj({}) thereby polluting the Object prototype. Later in the code, if there is a check to validate `isAdmin` the valued would be substituted as \"true\" as it had been polluted.\n\n```js\nconst dset = require(\u0027dset\u0027);\nvar obj = {}\nconsole.log(\"Before : \" + obj.isAdmin);\ndset(obj, \u0027__proto__.polluted\u0027, true);\nconsole.log(\"After : \" + obj.polluted);\n```\n",
"id": "GHSA-q4xc-7cw8-cgfj",
"modified": "2024-02-01T21:04:19Z",
"published": "2022-05-24T17:37:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28277"
},
{
"type": "WEB",
"url": "https://github.com/lukeed/dset/issues/11"
},
{
"type": "WEB",
"url": "https://github.com/lukeed/dset/commit/2b9ec49e231107b1a83b04a1bc1a66a8d14cea1c"
},
{
"type": "WEB",
"url": "https://github.com/lukeed/dset/blob/50a6ead172d1466a96035eff00f8eb465ccd050a/src/index.js#L6"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20210104204657/https://www.whitesourcesoftware.com/vulnerability-database/CVE-2020-28277"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "dset vulnerable to prototype pollution"
}
GHSA-Q5F4-99JV-PGG5
Vulnerability from github – Published: 2026-04-29 21:25 – Updated: 2026-05-08 01:31Impact
A flaw in the xml2js library used to parse XML request bodies in n8n's webhook handler allowed prototype pollution via a crafted XML payload. An authenticated user with permission to create or modify workflows could exploit this to pollute the JavaScript object prototype and, by chaining the pollution with the Git node's SSH operations, achieve remote code execution on the n8n host.
Patches
The issue has been fixed in n8n versions 1.123.32, 2.17.4, and 2.18.1. Users should upgrade to one of these versions or later to remediate the vulnerability.
Workarounds
If upgrading is not immediately possible, administrators should consider the following temporary mitigations: - Limit workflow creation and editing permissions to fully trusted users only.
These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.
n8n has adopted CVSS 4.0 as primary score for all security advisories. CVSS 3.1 vector strings are provided for backwards compatibility.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "n8n"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.123.32"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "n8n"
},
"ranges": [
{
"events": [
{
"introduced": "2.18.0"
},
{
"fixed": "2.18.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "n8n"
},
"ranges": [
{
"events": [
{
"introduced": "2.17.0"
},
{
"fixed": "2.17.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-42231"
],
"database_specific": {
"cwe_ids": [
"CWE-1321"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-29T21:25:02Z",
"nvd_published_at": "2026-05-04T19:16:05Z",
"severity": "CRITICAL"
},
"details": "## Impact\nA flaw in the `xml2js` library used to parse XML request bodies in n8n\u0027s webhook handler allowed prototype pollution via a crafted XML payload. An authenticated user with permission to create or modify workflows could exploit this to pollute the JavaScript object prototype and, by chaining the pollution with the Git node\u0027s SSH operations, achieve remote code execution on the n8n host.\n\n## Patches\nThe issue has been fixed in n8n versions 1.123.32, 2.17.4, and 2.18.1. Users should upgrade to one of these versions or later to remediate the vulnerability.\n\n## Workarounds\nIf upgrading is not immediately possible, administrators should consider the following temporary mitigations:\n- Limit workflow creation and editing permissions to fully trusted users only.\n\nThese workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.\n\n---\nn8n has adopted CVSS 4.0 as primary score for all security advisories. CVSS 3.1 vector strings are provided for backwards compatibility.\n\nCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"id": "GHSA-q5f4-99jv-pgg5",
"modified": "2026-05-08T01:31:38Z",
"published": "2026-04-29T21:25:02Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-q5f4-99jv-pgg5"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42231"
},
{
"type": "PACKAGE",
"url": "https://github.com/n8n-io/n8n"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"type": "CVSS_V4"
}
],
"summary": "n8n has Prototype Pollution in XML Webhook Body Parser that Leads to RCE"
}
GHSA-Q5J8-9M9G-X2JH
Vulnerability from github – Published: 2025-02-06 06:31 – Updated: 2025-02-06 23:30A prototype pollution in the lib.requireFromString function of module-from-string v3.3.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "module-from-string"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "3.3.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-57072"
],
"database_specific": {
"cwe_ids": [
"CWE-1321"
],
"github_reviewed": true,
"github_reviewed_at": "2025-02-06T23:30:54Z",
"nvd_published_at": "2025-02-05T22:15:31Z",
"severity": "HIGH"
},
"details": "A prototype pollution in the lib.requireFromString function of module-from-string v3.3.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.",
"id": "GHSA-q5j8-9m9g-x2jh",
"modified": "2025-02-06T23:30:54Z",
"published": "2025-02-06T06:31:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57072"
},
{
"type": "WEB",
"url": "https://gist.github.com/tariqhawis/8b1fe301dd1ea52952cef347daddee67"
},
{
"type": "PACKAGE",
"url": "https://github.com/exuanbo/module-from-string"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "module-from-string prototype pollution"
}
Mitigation
By freezing the object prototype first (for example, Object.freeze(Object.prototype)), modification of the prototype becomes impossible.
Mitigation
By blocking modifications of attributes that resolve to object prototype, such as proto or prototype, this weakness can be mitigated.
Mitigation
Strategy: Input Validation
When handling untrusted objects, validating using a schema can be used.
Mitigation
By using an object without prototypes (via Object.create(null) ), adding object prototype attributes by accessing the prototype via the special attributes becomes impossible, mitigating this weakness.
Mitigation
Map can be used instead of objects in most cases. If Map methods are used instead of object attributes, it is not possible to access the object prototype or modify it.
CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs
In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application's functionality; particularly URL's for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to.
CAPEC-180: Exploiting Incorrectly Configured Access Control Security Levels
An attacker exploits a weakness in the configuration of access controls and is able to bypass the intended protection that these measures guard against and thereby obtain unauthorized access to the system or network. Sensitive functionality should always be protected with access controls. However configuring all but the most trivial access control systems can be very complicated and there are many opportunities for mistakes. If an attacker can learn of incorrectly configured access security settings, they may be able to exploit this in an attack.
CAPEC-77: Manipulating User-Controlled Variables
This attack targets user controlled variables (DEBUG=1, PHP Globals, and So Forth). An adversary can override variables leveraging user-supplied, untrusted query variables directly used on the application server without any data sanitization. In extreme cases, the adversary can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.