VYPR
Medium severity (5.3) · NVD Advisory · Published Jun 15, 2026

CVE-2026-12209

Description

A prototype pollution in avalon (≤2.2.10) allows remote code execution via crafted templates that bypass filter lookup protections.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

In RubyLouvre avalon up to version 2.2.10, the template filter handler in src/filters/index.js stores filters in a plain object (var filters = avalon.filters = {}) and accesses avalon.filters[name] without a hasOwnProperty check [1]. This allows prototype chain traversal, so inherited properties such as __proto__ or constructor can be resolved as filter names [1]. The vendor has not maintained the project since 2019 [1].

Exploitation

An attacker who can control template content (e.g., via template injection in the application) can supply a filter name such as __proto__ or constructor [1]. The filter lookup bypasses prototype protections, and since typeof Object === 'function' passes the execution check, the constructor can be called as a filter function [1]. Additionally, the template parser compiles expressions using new Function('__vmodel__', 'return ' + body + ';') (confirmed at 6 locations in the source), enabling arbitrary code execution when the attacker controls the template body [1]. No authentication or special network position is mentioned; the attack can be launched remotely [1].

Impact

Successful exploitation allows remote code execution (RCE) with the privileges of the application process, potentially leading to full system compromise [1]. A published proof of concept demonstrates spawning a calculator process via process.mainModule.require("child_process").execSync("calc.exe") [1]. The impact is high because it bypasses prototype integrity and allows arbitrary JavaScript execution in the context of the avalon template parser [1].

Mitigation

No fix is available as the vendor did not respond to the disclosure and the project appears unmaintained since 2019 [1]. Users should avoid using avalon in new projects and, if already in use, restrict template content to trusted sources only until a migration to an alternative library is possible [1]. The CVE is not listed on CISA's Known Exploited Vulnerabilities catalog based on the provided information [1].

AI Insight generated on Jun 15, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 2

Patches: 0 (no patches discovered yet)

Vulnerability mechanics

Root cause

"Missing `hasOwnProperty` check when looking up template filters in a plain object allows prototype chain traversal, which combined with `new Function()` compilation in the template parser enables arbitrary code execution."

Attack vector

An attacker who can inject or control template content (template injection) can leverage avalon's insecure filter lookup to traverse the prototype chain [ref_id=1]. Because filters are stored in a plain object without a `hasOwnProperty` check, accessing `avalon.filters["__proto__"]` returns `Object.prototype` and `avalon.filters["constructor"]` returns the `Object` constructor, which passes the `typeof === "function"` check [ref_id=1]. The template parser then compiles the injected expression via `new Function()`, which runs in a context that can access `process.mainModule.require("child_process")`, leading to remote code execution [ref_id=1]. The attack requires no authentication and can be launched over the network.

Affected code

The vulnerability resides in the template filter handler `src/filters/index.js` and the template parser `src/parser/index.js`. In `src/filters/index.js`, filters are stored as a plain object (`var filters = avalon.filters = {}`) and accessed via bracket notation without a `hasOwnProperty` check, enabling prototype chain traversal. The template parser in `src/parser/index.js` compiles expressions using `new Function('__vmodel__', 'return ' + body + ';')`, which, when combined with the filter bypass, allows arbitrary JavaScript execution.

What the fix does

The advisory notes that the vendor was contacted but did not respond, and the project has been unmaintained since 2019 [ref_id=1]. No patch is provided in the bundle. The recommended remediation is to avoid using the unmaintained avalon library, or to manually add a `hasOwnProperty` guard when accessing filters and to avoid compiling user-controllable template content with `new Function()`.
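As an added example (not avalon's own code), the lookup shape the advisory describes beside a guarded registry: inherited names such as `constructor` and `toString` survive the `typeof` check on a plain object, while a null-prototype registry with an own-property check rejects them. The `uppercase` filter and the helper names are assumed for illustration.

```javascript
// Added example, not avalon's own code: the lookup shape the advisory
// describes (plain object, bracket access, typeof check) next to a hardened
// registry. Filter names and bodies below are assumed for illustration.

// Vulnerable shape, modelled on `var filters = avalon.filters = {}`.
const plainFilters = {};
plainFilters.uppercase = (v) => String(v).toUpperCase();

function lookupFilterVulnerable(name) {
  // Inherited names such as "constructor" or "toString" resolve through
  // Object.prototype and are functions, so they survive this check.
  const f = plainFilters[name];
  return typeof f === "function" ? f : null;
}

// Hardened shape: null-prototype registry plus an own-property check.
const safeFilters = Object.create(null);
safeFilters.uppercase = (v) => String(v).toUpperCase();

function lookupFilterSafe(name) {
  if (typeof name !== "string") return null;
  if (!Object.prototype.hasOwnProperty.call(safeFilters, name)) return null;
  const f = safeFilters[name];
  return typeof f === "function" ? f : null;
}

// Audit helper: names a registry would resolve as callable without owning them.
function inheritedFunctionNames(registry, names) {
  return names.filter(
    (n) => typeof registry[n] === "function" &&
           !Object.prototype.hasOwnProperty.call(registry, n)
  );
}

function applyFilter(lookup, name, value) {
  const f = lookup(name);
  if (f === null) throw new Error(`unknown filter: ${name}`);
  return f(value);
}

// Constructed probe list: one legitimate filter plus three inherited names.
const probe = ["uppercase", "constructor", "toString", "__proto__"];
console.log("plain object resolves:", inheritedFunctionNames(plainFilters, probe));
console.log("null-proto resolves:", inheritedFunctionNames(safeFilters, probe));
```

The audit helper can be pointed at any filter registry to list inherited names that would pass a bare `typeof` check.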

Preconditions

  • Input: Attacker must be able to inject or control template content processed by avalon
  • Network: No authentication required; network accessibility is sufficient

Reproduction

## Prerequisites

- Node.js installed
- Terminal access

## Steps

1. Create a new directory and install the vulnerable package:

```bash
mkdir avalon-poc && cd avalon-poc
npm install avalon2
```

2. Create `poc.js` with the following content:

```javascript
const avalon = require("avalon2");

// Prototype escape — plain object, no hasOwnProperty check
avalon.filters["__proto__"];   // → Object.prototype
avalon.filters["constructor"]; // → Object() (typeof === "function")

// RCE — new Function() in template parser
new Function('__vmodel__', 'return process.mainModule.require("child_process").execSync("calc.exe")')();
```

3. Run the proof of concept:

```bash
node poc.js
```

Expected result (Windows): Calculator process spawned.

*Note: On Linux/macOS, replace `"calc.exe"` with `"id"` or `"gnome-calculator"` accordingly.*

Generated on Jun 15, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References: 4