CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Description
The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-1 · CAPEC-180 · CAPEC-77
CVEs mapped to this weakness (488)
page 24 of 25| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-11066 | 0.00 | — | 0.01 | May 13, 2020 | In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, calling unserialize() on malicious user-submitted content can lead to modification of dynamically-determined object attributes and result in triggering… | |||
| CVE-2020-7644 | — | 0.00 | — | 0.01 | Apr 28, 2020 | fun-map through 3.3.1 is vulnerable to Prototype Pollution. The function assocInM could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload. | ||
| CVE-2020-7618 | 0.00 | — | 0.00 | Apr 7, 2020 | sds through 3.2.0 is vulnerable to Prototype Pollution.The library could be tricked into adding or modifying properties of the 'Object.prototype' by abusing the 'set' function located in 'js/set.js'. | |||
| CVE-2020-7616 | 0.00 | — | 0.00 | Apr 7, 2020 | express-mock-middleware through 0.0.6 is vulnerable to Prototype Pollution. Exported functions by the package can be tricked into adding or modifying properties of the `Object.prototype`. Exploitation of this vulnerability requires creation of a new directory where an attack… | |||
| CVE-2020-7639 | 0.00 | — | 0.00 | Apr 6, 2020 | eivindfjeldstad-dot below 1.0.3 is vulnerable to Prototype Pollution.The function 'set' could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload. | |||
| CVE-2020-7638 | — | 0.00 | — | 0.00 | Apr 6, 2020 | confinit through 0.3.0 is vulnerable to Prototype Pollution.The 'setDeepProperty' function could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload. | ||
| CVE-2020-7637 | — | 0.00 | — | 0.00 | Apr 6, 2020 | class-transformer before 0.3.1 allow attackers to perform Prototype Pollution. The classToPlainFromExist function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. | ||
| CVE-2020-7608 | — | 0.00 | — | 0.00 | Mar 16, 2020 | yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "__proto__" payload. | ||
| CVE-2020-7600 | — | 0.00 | — | 0.00 | Mar 12, 2020 | querymen prior to 2.1.4 allows modification of object properties. The parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. This could be abused for Prototype Pollution attacks. | ||
| CVE-2019-10808 | — | 0.00 | — | 0.00 | Mar 11, 2020 | utilitify prior to 1.0.3 allows modification of object properties. The merge method could be tricked into adding or modifying properties of the Object.prototype. | ||
| CVE-2020-7598 | — | 0.00 | — | 0.00 | Mar 11, 2020 | minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload. | ||
| CVE-2020-5258 | 0.00 | — | 0.02 | Mar 10, 2020 | In affected versions of dojo (NPM package), the deepCopy method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes… | |||
| CVE-2019-10806 | — | 0.00 | — | 0.00 | Mar 9, 2020 | vega-util prior to 1.13.1 allows manipulation of object prototype. The 'vega.mergeConfig' method within vega-util could be tricked into adding or modifying properties of the Object.prototype. | ||
| CVE-2020-8116 | — | 0.00 | — | 0.01 | Feb 4, 2020 | Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects. | ||
| CVE-2019-19919 | — | 0.00 | — | 0.25 | Dec 20, 2019 | Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object's __proto__ and __defineGetter__ properties, which may allow an attacker to execute arbitrary code through crafted payloads. | ||
| CVE-2019-10768 | 0.00 | — | 0.00 | Nov 19, 2019 | In AngularJS before 1.7.9 the function `merge()` could be tricked into adding or modifying properties of `Object.prototype` using a `__proto__` payload. | |||
| CVE-2019-10747 | — | 0.00 | — | 0.00 | Aug 23, 2019 | set-value is vulnerable to Prototype Pollution in versions lower than 3.0.1. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype and _proto_ payloads. | ||
| CVE-2019-10745 | — | 0.00 | — | 0.00 | Aug 20, 2019 | assign-deep is vulnerable to Prototype Pollution in versions before 0.4.8 and version 1.0.0. The function assign-deep could be tricked into adding or modifying properties of Object.prototype using either a constructor or a _proto_ payload. | ||
| CVE-2019-14379 | — | 0.00 | — | 0.01 | Jul 29, 2019 | SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution. | ||
| CVE-2019-11358 | 0.00 | — | 0.01 | Apr 19, 2019 | jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. |
- CVE-2020-11066May 13, 2020risk 0.00cvss —epss 0.01
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, calling unserialize() on malicious user-submitted content can lead to modification of dynamically-determined object attributes and result in triggering…
- CVE-2020-7644Apr 28, 2020risk 0.00cvss —epss 0.01
fun-map through 3.3.1 is vulnerable to Prototype Pollution. The function assocInM could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload.
- CVE-2020-7618Apr 7, 2020risk 0.00cvss —epss 0.00
sds through 3.2.0 is vulnerable to Prototype Pollution.The library could be tricked into adding or modifying properties of the 'Object.prototype' by abusing the 'set' function located in 'js/set.js'.
- CVE-2020-7616Apr 7, 2020risk 0.00cvss —epss 0.00
express-mock-middleware through 0.0.6 is vulnerable to Prototype Pollution. Exported functions by the package can be tricked into adding or modifying properties of the `Object.prototype`. Exploitation of this vulnerability requires creation of a new directory where an attack…
- CVE-2020-7639Apr 6, 2020risk 0.00cvss —epss 0.00
eivindfjeldstad-dot below 1.0.3 is vulnerable to Prototype Pollution.The function 'set' could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload.
- CVE-2020-7638Apr 6, 2020risk 0.00cvss —epss 0.00
confinit through 0.3.0 is vulnerable to Prototype Pollution.The 'setDeepProperty' function could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload.
- CVE-2020-7637Apr 6, 2020risk 0.00cvss —epss 0.00
class-transformer before 0.3.1 allow attackers to perform Prototype Pollution. The classToPlainFromExist function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload.
- CVE-2020-7608Mar 16, 2020risk 0.00cvss —epss 0.00
yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "__proto__" payload.
- CVE-2020-7600Mar 12, 2020risk 0.00cvss —epss 0.00
querymen prior to 2.1.4 allows modification of object properties. The parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. This could be abused for Prototype Pollution attacks.
- CVE-2019-10808Mar 11, 2020risk 0.00cvss —epss 0.00
utilitify prior to 1.0.3 allows modification of object properties. The merge method could be tricked into adding or modifying properties of the Object.prototype.
- CVE-2020-7598Mar 11, 2020risk 0.00cvss —epss 0.00
minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload.
- CVE-2020-5258Mar 10, 2020risk 0.00cvss —epss 0.02
In affected versions of dojo (NPM package), the deepCopy method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes…
- CVE-2019-10806Mar 9, 2020risk 0.00cvss —epss 0.00
vega-util prior to 1.13.1 allows manipulation of object prototype. The 'vega.mergeConfig' method within vega-util could be tricked into adding or modifying properties of the Object.prototype.
- CVE-2020-8116Feb 4, 2020risk 0.00cvss —epss 0.01
Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.
- CVE-2019-19919Dec 20, 2019risk 0.00cvss —epss 0.25
Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object's __proto__ and __defineGetter__ properties, which may allow an attacker to execute arbitrary code through crafted payloads.
- CVE-2019-10768Nov 19, 2019risk 0.00cvss —epss 0.00
In AngularJS before 1.7.9 the function `merge()` could be tricked into adding or modifying properties of `Object.prototype` using a `__proto__` payload.
- CVE-2019-10747Aug 23, 2019risk 0.00cvss —epss 0.00
set-value is vulnerable to Prototype Pollution in versions lower than 3.0.1. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype and _proto_ payloads.
- CVE-2019-10745Aug 20, 2019risk 0.00cvss —epss 0.00
assign-deep is vulnerable to Prototype Pollution in versions before 0.4.8 and version 1.0.0. The function assign-deep could be tricked into adding or modifying properties of Object.prototype using either a constructor or a _proto_ payload.
- CVE-2019-14379Jul 29, 2019risk 0.00cvss —epss 0.01
SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.
- CVE-2019-11358Apr 19, 2019risk 0.00cvss —epss 0.01
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.