CWE-471
AllowedModification of Assumed-Immutable Data (MAID)
Abstraction: Base · Status: Draft
The product does not properly protect an assumed-immutable element from being modified by an attacker.
69 vulnerabilities reference this CWE, most recent first.
GHSA-Q42P-PG8M-CQH6
Vulnerability from github – Published: 2019-06-05 14:07 – Updated: 2021-08-04 20:54Versions of handlebars prior to 4.0.14 are vulnerable to Prototype Pollution. Templates may alter an Objects' prototype, thus allowing an attacker to execute arbitrary code on the server.
Recommendation
For handlebars 4.1.x upgrade to 4.1.2 or later. For handlebars 4.0.x upgrade to 4.0.14 or later.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "handlebars"
},
"ranges": [
{
"events": [
{
"introduced": "4.1.0"
},
{
"fixed": "4.1.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "handlebars"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0"
},
{
"fixed": "4.0.14"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "handlebars"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.0.7"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-471"
],
"github_reviewed": true,
"github_reviewed_at": "2019-06-05T13:55:39Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "Versions of `handlebars` prior to 4.0.14 are vulnerable to Prototype Pollution. Templates may alter an Objects\u0027 prototype, thus allowing an attacker to execute arbitrary code on the server.\n\n\n## Recommendation\n\nFor handlebars 4.1.x upgrade to 4.1.2 or later.\nFor handlebars 4.0.x upgrade to 4.0.14 or later.",
"id": "GHSA-q42p-pg8m-cqh6",
"modified": "2021-08-04T20:54:05Z",
"published": "2019-06-05T14:07:48Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/handlebars-lang/handlebars.js/issues/1495"
},
{
"type": "WEB",
"url": "https://github.com/handlebars-lang/handlebars.js/commit/0d6d8c335ad81bad1b672fc56b6a44f6aa472dac"
},
{
"type": "WEB",
"url": "https://github.com/handlebars-lang/handlebars.js/commit/7372d4e9dffc9d70c09671aa28b9392a1577fd86"
},
{
"type": "WEB",
"url": "https://github.com/handlebars-lang/handlebars.js/commit/85c8783b34fc6d36145d8b53885ad0b9e3c3f9c4"
},
{
"type": "WEB",
"url": "https://github.com/handlebars-lang/handlebars.js/commit/cd38583216dce3252831916323202749431c773e"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/SNYK-JS-HANDLEBARS-173692"
},
{
"type": "WEB",
"url": "https://www.npmjs.com/advisories/755"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
],
"summary": "Prototype Pollution in handlebars"
}
GHSA-Q553-9G48-GQQP
Vulnerability from github – Published: 2023-10-09 15:30 – Updated: 2024-04-04 08:26Modification of Assumed-Immutable Data (MAID) in RDT400 in SICK APU allows an unprivileged remote attacker to make the site unable to load necessary strings via changing file paths using HTTP requests.
{
"affected": [],
"aliases": [
"CVE-2023-43697"
],
"database_specific": {
"cwe_ids": [
"CWE-471"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-09T13:15:10Z",
"severity": "MODERATE"
},
"details": "\nModification of Assumed-Immutable Data (MAID) in RDT400 in SICK APU allows an\nunprivileged remote attacker to make the site unable to load necessary strings via changing file paths\nusing HTTP requests.\n\n",
"id": "GHSA-q553-9g48-gqqp",
"modified": "2024-04-04T08:26:09Z",
"published": "2023-10-09T15:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43697"
},
{
"type": "WEB",
"url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.json"
},
{
"type": "WEB",
"url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.pdf"
},
{
"type": "WEB",
"url": "https://sick.com/psirt"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-Q9G6-JF2G-R26W
Vulnerability from github – Published: 2022-10-17 19:00 – Updated: 2022-10-20 19:00A branch/tag name confusion in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to manipulate pages where the content of the default branch would be expected.
{
"affected": [],
"aliases": [
"CVE-2022-3288"
],
"database_specific": {
"cwe_ids": [
"CWE-471"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-10-17T16:15:00Z",
"severity": "MODERATE"
},
"details": "A branch/tag name confusion in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to manipulate pages where the content of the default branch would be expected.",
"id": "GHSA-q9g6-jf2g-r26w",
"modified": "2022-10-20T19:00:36Z",
"published": "2022-10-17T19:00:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3288"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/1498354"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3288.json"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/354948"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QVQ2-C564-CCWW
Vulnerability from github – Published: 2025-04-30 21:31 – Updated: 2025-04-30 21:31: Modification of Assumed-Immutable Data (MAID) vulnerability in ABB ANC, ABB ANC-L, ABB ANC-mini.This issue affects ANC: through 1.1.4; ANC-L: through 1.1.4; ANC-mini: through 1.1.4.
{
"affected": [],
"aliases": [
"CVE-2024-9876"
],
"database_specific": {
"cwe_ids": [
"CWE-471"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-30T19:15:54Z",
"severity": "HIGH"
},
"details": ": Modification of Assumed-Immutable Data (MAID) vulnerability in ABB ANC, ABB ANC-L, ABB ANC-mini.This issue affects ANC: through 1.1.4; ANC-L: through 1.1.4; ANC-mini: through 1.1.4.",
"id": "GHSA-qvq2-c564-ccww",
"modified": "2025-04-30T21:31:48Z",
"published": "2025-04-30T21:31:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9876"
},
{
"type": "WEB",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2CRT000006\u0026LanguageCode=en\u0026DocumentPartId=PDF\u0026Action=Launch"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-R5VR-5HVG-2XCG
Vulnerability from github – Published: 2023-07-06 21:15 – Updated: 2024-04-04 05:49The External Visitor Manager portal of HID’s SAFE versions 5.8.0 through 5.11.3 are vulnerable to manipulation within web fields in the application programmable interface (API). An attacker could log in using account credentials available through a request generated by an internal user and then manipulate the visitor-id within the web API to access the personal data of other users. There is no limit on the number of requests that can be made to the HID SAFE Web Server, so an attacker could also exploit this vulnerability to create a denial-of-service condition.
{
"affected": [],
"aliases": [
"CVE-2023-2904"
],
"database_specific": {
"cwe_ids": [
"CWE-471"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-07T22:15:09Z",
"severity": "HIGH"
},
"details": "The External Visitor Manager portal of HID\u2019s SAFE versions 5.8.0 through\n 5.11.3 are vulnerable to manipulation within web fields in the \napplication programmable interface (API). An attacker could log in using\n account credentials available through a request generated by an \ninternal user and then manipulate the visitor-id within the web API to \naccess the personal data of other users. There is no limit on the number\n of requests that can be made to the HID SAFE Web Server, so an attacker\n could also exploit this vulnerability to create a denial-of-service \ncondition.\n\n",
"id": "GHSA-r5vr-5hvg-2xcg",
"modified": "2024-04-04T05:49:27Z",
"published": "2023-07-06T21:15:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2904"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-152-02"
},
{
"type": "WEB",
"url": "https://www.hidglobal.com/security-center"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RGJC-H3X7-9MWG
Vulnerability from github – Published: 2026-06-15 15:16 – Updated: 2026-06-15 15:16To optimize client-side bootstrap in Server-Side Rendered (SSR) environments, Angular supports Hydration via provideClientHydration(). During SSR, Angular serializes the application's runtime state (such as cached HttpClient responses) and outputs it into the HTML stream as a <script> tag with a predictable identifier:
<script type="application/json" id="ng-state">
{"some-api-url": {"body": ...}}
</script>
````
During client bootstrap, Angular recovers this state by looking up the element via `document.getElementById('ng-state')` and parsing its text content.
Because the DOM element lookup for the state container is predictable and relies solely on the ID selector (`ng-state`), it is susceptible to **DOM Clobbering**.
If the application binds untrusted user input or CMS content to element properties such as `id` (e.g., `<div [id]="userInput">` or `<a id="ng-state">`) *before* the genuine `<script>` tag is parsed by the browser, the attacker-controlled element takes precedence in the DOM lookup.
During hydration, when Angular calls `document.getElementById('ng-state')`, the browser returns the attacker's clobbered element. Angular then attempts to parse the text content or attributes of this clobbered element as JSON.
### Impact
By clobbering the state element, the attacker can inject a custom JSON payload into Angular's `TransferState` cache. The most critical exploitation vector is poisoning the **HTTP Transfer Cache**.
1. The attacker injects a clobbered `ng-state` element containing custom JSON.
2. The JSON maps a key (representing a target API endpoint URL) to a malicious payload of the attacker's choice.
3. During client-side initialization, Angular's `HttpClient` checks `TransferState` before making requests. Finding the poisoned key, `HttpClient` returns the forged response instantly instead of requesting the genuine backend API.
Depending on how the application processes and renders the affected API response, this can lead to:
* **DOM-based Cross-Site Scripting (XSS)** if poisoned fields are rendered using unsafe bindings.
* **Privilege Escalation** by spoofing user info or session details retrieved from poisoned API payloads.
* **UI Hijacking** and redirection by spoofing configuration endpoints.
### Patched Versions
* 22.0.1
* 21.2.17
* 20.3.25
### Workarounds
If you cannot immediately update to a patched Angular version, apply the following workarounds:
#### A. Avoid Dynamic/User-Controlled IDs
Avoid binding raw user-supplied values or dynamic CMS IDs directly to element attributes. If dynamic IDs are required, sanitize them or prepend a static safe prefix:
```html
<!-- Vulnerable Pattern -->
<div [id]="userControlledInput">...</div>
<!-- Mitigated Pattern -->
<div [id]="'safe-prefix-' + userControlledInput">...</div>
B. Configure a Custom Application ID
Declaring a unique, non-predictable APP_ID changes the ID suffix of the state element, making it harder for attackers to predict and target:
// app.config.ts
import { APP_ID } from '@angular/core';
import { provideClientHydration } from '@angular/platform-browser';
export const appConfig = {
providers: [
{ provide: APP_ID, useValue: 'unique-obfuscated-app-id' },
provideClientHydration()
]
};
This changes the state element lookup ID from ng-state to unique-obfuscated-app-id-state.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "@angular/core"
},
"ranges": [
{
"events": [
{
"introduced": "22.0.0-next.0"
},
{
"fixed": "22.0.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "@angular/core"
},
"ranges": [
{
"events": [
{
"introduced": "21.0.0-next.0"
},
{
"fixed": "21.2.17"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "@angular/core"
},
"ranges": [
{
"events": [
{
"introduced": "20.0.0-next.0"
},
{
"fixed": "20.3.25"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "@angular/core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "19.2.25"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-54267"
],
"database_specific": {
"cwe_ids": [
"CWE-471",
"CWE-79"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-15T15:16:18Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "To optimize client-side bootstrap in Server-Side Rendered (SSR) environments, Angular supports **Hydration** via `provideClientHydration()`. During SSR, Angular serializes the application\u0027s runtime state (such as cached `HttpClient` responses) and outputs it into the HTML stream as a `\u003cscript\u003e` tag with a predictable identifier:\n\n```html\n\u003cscript type=\"application/json\" id=\"ng-state\"\u003e\n {\"some-api-url\": {\"body\": ...}}\n\u003c/script\u003e\n````\n\nDuring client bootstrap, Angular recovers this state by looking up the element via `document.getElementById(\u0027ng-state\u0027)` and parsing its text content.\n\nBecause the DOM element lookup for the state container is predictable and relies solely on the ID selector (`ng-state`), it is susceptible to **DOM Clobbering**.\n\nIf the application binds untrusted user input or CMS content to element properties such as `id` (e.g., `\u003cdiv [id]=\"userInput\"\u003e` or `\u003ca id=\"ng-state\"\u003e`) *before* the genuine `\u003cscript\u003e` tag is parsed by the browser, the attacker-controlled element takes precedence in the DOM lookup.\n\nDuring hydration, when Angular calls `document.getElementById(\u0027ng-state\u0027)`, the browser returns the attacker\u0027s clobbered element. Angular then attempts to parse the text content or attributes of this clobbered element as JSON.\n\n### Impact\n\nBy clobbering the state element, the attacker can inject a custom JSON payload into Angular\u0027s `TransferState` cache. The most critical exploitation vector is poisoning the **HTTP Transfer Cache**.\n\n1. The attacker injects a clobbered `ng-state` element containing custom JSON. \n2. The JSON maps a key (representing a target API endpoint URL) to a malicious payload of the attacker\u0027s choice. \n3. During client-side initialization, Angular\u0027s `HttpClient` checks `TransferState` before making requests. Finding the poisoned key, `HttpClient` returns the forged response instantly instead of requesting the genuine backend API.\n\nDepending on how the application processes and renders the affected API response, this can lead to:\n\n* **DOM-based Cross-Site Scripting (XSS)** if poisoned fields are rendered using unsafe bindings. \n* **Privilege Escalation** by spoofing user info or session details retrieved from poisoned API payloads. \n* **UI Hijacking** and redirection by spoofing configuration endpoints.\n\n### Patched Versions\n\n* 22.0.1 \n* 21.2.17 \n* 20.3.25\n\n### Workarounds\n\nIf you cannot immediately update to a patched Angular version, apply the following workarounds:\n\n#### A. Avoid Dynamic/User-Controlled IDs\n\nAvoid binding raw user-supplied values or dynamic CMS IDs directly to element attributes. If dynamic IDs are required, sanitize them or prepend a static safe prefix:\n\n```html\n\u003c!-- Vulnerable Pattern --\u003e\n\u003cdiv [id]=\"userControlledInput\"\u003e...\u003c/div\u003e\n\n\u003c!-- Mitigated Pattern --\u003e\n\u003cdiv [id]=\"\u0027safe-prefix-\u0027 + userControlledInput\"\u003e...\u003c/div\u003e\n```\n\n#### B. Configure a Custom Application ID\n\nDeclaring a unique, non-predictable `APP_ID` changes the ID suffix of the state element, making it harder for attackers to predict and target:\n\n```ts\n// app.config.ts\n\nimport { APP_ID } from \u0027@angular/core\u0027;\nimport { provideClientHydration } from \u0027@angular/platform-browser\u0027;\n\nexport const appConfig = {\n providers: [\n { provide: APP_ID, useValue: \u0027unique-obfuscated-app-id\u0027 },\n provideClientHydration()\n ]\n};\n\n```\n\nThis changes the state element lookup ID from `ng-state` to `unique-obfuscated-app-id-state`.",
"id": "GHSA-rgjc-h3x7-9mwg",
"modified": "2026-06-15T15:16:18Z",
"published": "2026-06-15T15:16:18Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/angular/angular/security/advisories/GHSA-rgjc-h3x7-9mwg"
},
{
"type": "WEB",
"url": "https://github.com/angular/angular/pull/69064"
},
{
"type": "WEB",
"url": "https://github.com/angular/angular/commit/6bde84fa8e6a5770b54040fbbc9bf10d5d0386fa"
},
{
"type": "PACKAGE",
"url": "https://github.com/angular/angular"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Angular Client Hydration DOM Clobbering \u0026 Response-Cache Poisoning"
}
GHSA-VFRC-7R7C-W9MX
Vulnerability from github – Published: 2020-11-24 22:58 – Updated: 2022-10-20 13:52Impact
Affected versions of this package are vulnerable to Prototype Pollution. A malicious HTML code block can be crafted that will result in prototype pollution of the base object's prototype during highlighting. If you allow users to insert custom HTML code blocks into your page/app via parsing Markdown code blocks (or similar) and do not filter the language names the user can provide you may be vulnerable.
The pollution should just be harmless data but this can cause problems for applications not expecting these properties to exist and can result in strange behavior or application crashes, i.e. a potential DOS vector.
If your website or application does not render user provided data it should be unaffected.
Patches
Versions 9.18.2 and 10.1.2 and newer include fixes for this vulnerability. If you are using version 7 or 8 you are encouraged to upgrade to a newer release.
Workarounds
Patch your library
Manually patch your library to create null objects for both languages and aliases:
const HLJS = function(hljs) {
// ...
var languages = Object.create(null);
var aliases = Object.create(null);
Filter out bad data from end users:
Filter the language names that users are allowed to inject into your HTML to guarantee they are valid.
References
- What is Prototype Pollution?
- https://github.com/highlightjs/highlight.js/pull/2636
For more information
If you have any questions or comments about this advisory:
- Please file an issue against highlight.js
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "highlight.js"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.18.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "highlight.js"
},
"ranges": [
{
"events": [
{
"introduced": "10.0.0"
},
{
"fixed": "10.1.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-26237"
],
"database_specific": {
"cwe_ids": [
"CWE-471"
],
"github_reviewed": true,
"github_reviewed_at": "2020-11-24T22:56:50Z",
"nvd_published_at": "2020-11-24T23:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\n\nAffected versions of this package are vulnerable to Prototype Pollution. A malicious HTML code block can be crafted that will result in prototype pollution of the base object\u0027s prototype during highlighting. If you allow users to insert custom HTML code blocks into your page/app via parsing Markdown code blocks (or similar) and do not filter the language names the user can provide you may be vulnerable. \n\nThe pollution should just be harmless data but this can cause problems for applications not expecting these properties to exist and can result in strange behavior or application crashes, i.e. a potential DOS vector. \n\n_If your website or application does not render user provided data it should be unaffected._\n\n### Patches\n\nVersions 9.18.2 and 10.1.2 and newer include fixes for this vulnerability. If you are using version 7 or 8 you are encouraged to upgrade to a newer release.\n\n### Workarounds\n\n#### Patch your library\n\nManually patch your library to create null objects for both `languages` and `aliases`:\n\n```js\nconst HLJS = function(hljs) {\n // ...\n var languages = Object.create(null);\n var aliases = Object.create(null);\n```\n\n#### Filter out bad data from end users:\n\nFilter the language names that users are allowed to inject into your HTML to guarantee they are valid.\n\n### References\n\n* [What is Prototype Pollution?](https://codeburst.io/what-is-prototype-pollution-49482fc4b638)\n* https://github.com/highlightjs/highlight.js/pull/2636\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* Please file an issue against [highlight.js](https://github.com/highlightjs/highlight.js/issues/)",
"id": "GHSA-vfrc-7r7c-w9mx",
"modified": "2022-10-20T13:52:50Z",
"published": "2020-11-24T22:58:41Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/highlightjs/highlight.js/security/advisories/GHSA-vfrc-7r7c-w9mx"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26237"
},
{
"type": "WEB",
"url": "https://github.com/highlightjs/highlight.js/pull/2636"
},
{
"type": "WEB",
"url": "https://github.com/highlightjs/highlight.js/commit/7241013ae011a585983e176ddc0489a7a52f6bb0"
},
{
"type": "PACKAGE",
"url": "https://github.com/highlightjs/highlight.js"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00041.html"
},
{
"type": "WEB",
"url": "https://www.npmjs.com/package/highlight.js"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Prototype Pollution in highlight.js"
}
GHSA-VRX2-77F2-WW34
Vulnerability from github – Published: 2026-04-22 21:25 – Updated: 2026-04-22 21:25Summary
justhtml 1.17.0 fixes multiple security issues in sanitization, serialization, and programmatic DOM handling.
Most of these issues affected advanced or custom configurations rather than the default safe path.
Affected versions
justhtml<= 1.16.0
Fixed version
justhtml1.17.0released on April 19, 2026
Impact
Custom SVG / MathML sanitization policies
Custom policies that preserved foreign namespaces could allow dangerous content to survive sanitization, including:
- active HTML integration points such as SVG
<foreignObject>, MathML<annotation-xml encoding="text/html">, SVG<title>/<desc>, and MathML text integration points - mutation-XSS parser-differential payloads that looked inert in memory but became active HTML after reparse
- SVG
filter="url(...)"attributes that could trigger external fetches
These issues affected:
- JustHTML(..., sanitize=True) with custom foreign-namespace policies
- sanitize() / sanitize_dom()
- low-level terminal Sanitize(...) transform execution
Preserved <style> handling
Constructor-time sanitization and explicit Sanitize(...) transforms did not fully match sanitize() / sanitize_dom() when custom policies preserved <style>.
That could leave resource-loading CSS such as @import or background-image:url(...) in sanitized output from HTML string input.
Programmatic DOM serialization
Programmatic script, style, and Comment(...) nodes could still serialize into active markup in some edge cases.
This could affect applications that build or mutate DOM trees directly before calling to_html() or to_markdown(html_passthrough=True).
Cache mutation and DOM cycle handling
Two lower-severity hardening fixes were included:
- compiled sanitize-pipeline caches could be mutated after warming and weaken later sanitization
- parent/child cycles in programmatic DOM trees could cause infinite loops in operations such as
to_html()andsanitize_dom()
Default configuration
Most of the issues above did not affect ordinary parsed HTML with the default JustHTML(..., sanitize=True) configuration.
The main risk areas were:
- custom policies that preserve SVG or MathML
- custom policies that preserve
<style> - programmatic DOM construction or mutation
- low-level direct sanitizer/transform APIs
Recommended action
Upgrade to justhtml 1.17.0.
If users cannot upgrade immediately:
- avoid preserving SVG or MathML for untrusted input
- avoid preserving
<style>for untrusted input - avoid mutating programmatic DOM trees with untrusted
script,style, or comment content - avoid mutating warmed policy internals or sanitizer caches
Credit
Discovered during an internal security review of justhtml.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "justhtml"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.17.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-436",
"CWE-471",
"CWE-79",
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-22T21:25:46Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "## Summary\n\n`justhtml` `1.17.0` fixes multiple security issues in sanitization, serialization, and programmatic DOM handling.\n\nMost of these issues affected advanced or custom configurations rather than the default safe path.\n\n## Affected versions\n\n- `justhtml` `\u003c= 1.16.0`\n\n## Fixed version\n\n- `justhtml` `1.17.0` released on April 19, 2026\n\n## Impact\n\n### Custom SVG / MathML sanitization policies\nCustom policies that preserved foreign namespaces could allow dangerous content to survive sanitization, including:\n\n- active HTML integration points such as SVG `\u003cforeignObject\u003e`, MathML `\u003cannotation-xml encoding=\"text/html\"\u003e`, SVG `\u003ctitle\u003e` / `\u003cdesc\u003e`, and MathML text integration points\n- mutation-XSS parser-differential payloads that looked inert in memory but became active HTML after reparse\n- SVG `filter=\"url(...)\"` attributes that could trigger external fetches\n\nThese issues affected:\n- `JustHTML(..., sanitize=True)` with custom foreign-namespace policies\n- `sanitize()` / `sanitize_dom()`\n- low-level terminal `Sanitize(...)` transform execution\n\n### Preserved `\u003cstyle\u003e` handling\nConstructor-time sanitization and explicit `Sanitize(...)` transforms did not fully match `sanitize()` / `sanitize_dom()` when custom policies preserved `\u003cstyle\u003e`.\n\nThat could leave resource-loading CSS such as `@import` or `background-image:url(...)` in sanitized output from HTML string input.\n\n### Programmatic DOM serialization\nProgrammatic `script`, `style`, and `Comment(...)` nodes could still serialize into active markup in some edge cases.\n\nThis could affect applications that build or mutate DOM trees directly before calling `to_html()` or `to_markdown(html_passthrough=True)`.\n\n### Cache mutation and DOM cycle handling\nTwo lower-severity hardening fixes were included:\n\n- compiled sanitize-pipeline caches could be mutated after warming and weaken later sanitization\n- parent/child cycles in programmatic DOM trees could cause infinite loops in operations such as `to_html()` and `sanitize_dom()`\n\n## Default configuration\n\nMost of the issues above did **not** affect ordinary parsed HTML with the default `JustHTML(..., sanitize=True)` configuration.\n\nThe main risk areas were:\n\n- custom policies that preserve SVG or MathML\n- custom policies that preserve `\u003cstyle\u003e`\n- programmatic DOM construction or mutation\n- low-level direct sanitizer/transform APIs\n\n## Recommended action\n\nUpgrade to `justhtml` `1.17.0`.\n\nIf users cannot upgrade immediately:\n\n- avoid preserving SVG or MathML for untrusted input\n- avoid preserving `\u003cstyle\u003e` for untrusted input\n- avoid mutating programmatic DOM trees with untrusted `script`, `style`, or comment content\n- avoid mutating warmed policy internals or sanitizer caches\n\n## Credit\n\nDiscovered during an internal security review of `justhtml`.",
"id": "GHSA-vrx2-77f2-ww34",
"modified": "2026-04-22T21:25:46Z",
"published": "2026-04-22T21:25:46Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/EmilStenstrom/justhtml/security/advisories/GHSA-vrx2-77f2-ww34"
},
{
"type": "PACKAGE",
"url": "https://github.com/EmilStenstrom/justhtml"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N",
"type": "CVSS_V4"
}
],
"summary": "justhtml has sanitization bypass in custom policies and programmatic DOM"
}
GHSA-XCVV-84J5-JW9H
Vulnerability from github – Published: 2018-07-26 15:12 – Updated: 2023-03-01 01:46Versions of assign-deep before 0.4.7 are vulnerable to prototype pollution via merging functions.
Recommendation
Update to version 0.4.7 or later.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "assign-deep"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.4.7"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2018-3720"
],
"database_specific": {
"cwe_ids": [
"CWE-1321",
"CWE-471"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T22:03:01Z",
"nvd_published_at": "2018-06-07T02:29:00Z",
"severity": "HIGH"
},
"details": "Versions of `assign-deep` before 0.4.7 are vulnerable to prototype pollution via merging functions.\n\n\n## Recommendation\n\nUpdate to version 0.4.7 or later.",
"id": "GHSA-xcvv-84j5-jw9h",
"modified": "2023-03-01T01:46:49Z",
"published": "2018-07-26T15:12:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3720"
},
{
"type": "WEB",
"url": "https://github.com/jonschlinkert/assign-deep/commit/19953a8c089b0328c470acaaaf6accdfcb34da11"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/310707"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-xcvv-84j5-jw9h"
},
{
"type": "WEB",
"url": "https://www.npmjs.com/advisories/579"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Prototype Pollution in assign-deep"
}
Mitigation
When the data is stored or transmitted through untrusted sources that could modify the data, implement integrity checks to detect unauthorized modification, or store/transmit the data in a trusted location that is free from external influence.
CAPEC-384: Application API Message Manipulation via Man-in-the-Middle
An attacker manipulates either egress or ingress data from a client within an application framework in order to change the content of messages. Performing this attack can allow the attacker to gain unauthorized privileges within the application, or conduct attacks such as phishing, deceptive strategies to spread malware, or traditional web-application attacks. The techniques require use of specialized software that allow the attacker to perform adversary-in-the-middle (CAPEC-94) communications between the web browser and the remote system. Despite the use of AiTH software, the attack is actually directed at the server, as the client is one node in a series of content brokers that pass information along to the application framework. Additionally, it is not true "Adversary-in-the-Middle" attack at the network layer, but an application-layer attack the root cause of which is the master applications trust in the integrity of code supplied by the client.
CAPEC-385: Transaction or Event Tampering via Application API Manipulation
An attacker hosts or joins an event or transaction within an application framework in order to change the content of messages or items that are being exchanged. Performing this attack allows the attacker to manipulate content in such a way as to produce messages or content that look authentic but may contain deceptive links, substitute one item or another, spoof an existing item and conduct a false exchange, or otherwise change the amounts or identity of what is being exchanged. The techniques require use of specialized software that allow the attacker to man-in-the-middle communications between the web browser and the remote system in order to change the content of various application elements. Often, items exchanged in game can be monetized via sales for coin, virtual dollars, etc. The purpose of the attack is for the attack to scam the victim by trapping the data packets involved the exchange and altering the integrity of the transfer process.
CAPEC-386: Application API Navigation Remapping
An attacker manipulates either egress or ingress data from a client within an application framework in order to change the destination and/or content of links/buttons displayed to a user within API messages. Performing this attack allows the attacker to manipulate content in such a way as to produce messages or content that looks authentic but contains links/buttons that point to an attacker controlled destination. Some applications make navigation remapping more difficult to detect because the actual HREF values of images, profile elements, and links/buttons are masked. One example would be to place an image in a user's photo gallery that when clicked upon redirected the user to an off-site location. Also, traditional web vulnerabilities (such as CSRF) can be constructed with remapped buttons or links. In some cases navigation remapping can be used for Phishing attacks or even means to artificially boost the page view, user site reputation, or click-fraud.
CAPEC-387: Navigation Remapping To Propagate Malicious Content
An adversary manipulates either egress or ingress data from a client within an application framework in order to change the content of messages and thereby circumvent the expected application logic.
CAPEC-388: Application API Button Hijacking
An attacker manipulates either egress or ingress data from a client within an application framework in order to change the destination and/or content of buttons displayed to a user within API messages. Performing this attack allows the attacker to manipulate content in such a way as to produce messages or content that looks authentic but contains buttons that point to an attacker controlled destination.